{"report_id":"c1d75cb8-38f9-41c8-b4ef-c7c6139b5938","version":6,"status":"done","tags":[],"date":"2026-04-22T18:26:26Z","url":{"schema":"http","addr":"gcexx.com","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"title":"GCEX","dom":{"size":101976,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1044)","md5":"34a47fbe768c5271d429d0102a9e55da","sha1":"44e70f4d32f0f05f1728ddb74f407c61ab24df74","sha256":"b96ac626cc7f37c5f9cdd97327d51c4c184140ace3320533b063f7f5ab145c19","sha512":"7aa01eb8b7fff02e32ccb81ef5c3f31ec52affb5aea675978aa5646294793ce45aa197b27f9eb24f3c9ae974b7c9482932189f44a3da8d81c16984eb143fd98c","ssdeep":"768:xzJSBFbbFGFGqtlr8Wj5sAdqBkqr4SRqDlZM/eO/cNBalv/dBYHAY5KYgrY6d5Jz:7KdbMUTrdF2znjgyLGjg4hD+zQF","tlshash":"67a39724b7ef042d242350819f79275630faa633da06c411bbbc1d917fcda0d6977aae","dom_hash":"domhashdaf3c4825f727567b58904227ba77ee6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"gcexx.com","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-27T18:26:26Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"gcexx.com","ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":109,"request_count":109,"received_data":2777309,"sent_data":58177,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"ThinkPHP","description":"ThinkPHP is an open-source PHP framework with MVC structure developed and maintained by Shanghai Topthink Company.","website":"https://www.thinkphp.cn","common_platform_enumeration":"cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*","icon":"ThinkPHP.png","categories":["Web frameworks"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:2.0.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:4.5.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"FlexSlider","description":"FlexSlider is a free jQuery slider plugin.","website":"https://woocommerce.com/flexslider/","common_platform_enumeration":"","icon":"FlexSlider.png","categories":["Widgets"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-19T22:20:23.925162Z","alert_count":0,"request_count":1,"received_data":6149,"sent_data":465,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-04-19T22:35:51.253585Z","alert_count":0,"request_count":3,"received_data":331413,"sent_data":1518,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"b46b408cbc942d63bfd43a8f1826983e","sha1":"01e1cc338f720796c5029f1d5097e99b19077370","sha256":"3950b6d46e52d6121b17de344357e78659f755146076c05122cd2291a13263c2","sha512":"79260325162b5e9a771cc4458de579320c761e12b7fe755ba7aa5a8c88c1adc7010a2b86b2dafb3f568a170dfdfa17c8df18d606e8248feb9aa8329cea9b322f","ssdeep":"","tlshash":"1621384cfbcd1e973532312c0e3f51899d3966235414c865f23d25f47b8d5093202e96","size":1368,"data":"","first_seen":"2025-03-15T05:55:29.583227Z","last_seen":"2026-04-22T18:27:50.113118Z","times_seen":70,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Home/static/js/jquery-2.0.0.min.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"e22f82a5194d1f03ecb712baad2df66c","sha1":"6a9afa00acf537cbdede4aea27f01f8ef6ab165d","sha256":"ac1b82725819fba761d03c03a208214a9157bb026cc5e843d43105970407603a","sha512":"141dcfb31585ad569e19e7769d32a5544219fc1a010611337777f093b1c7143cd8de374b1b50484709a7f42fa472561bbb8976510d06f62f2cf34e3426bde0d7","ssdeep":"1536:DPEkjP+iADIOr/NEe876nmBu3HvF38NdTuJO1z6/A4TqAub0R4ULvguEhjzXpa97:oNM2Jiz6oAFKP5a98Hrq","tlshash":"f583d6d9b2c27062977734b850bf410bb17a98dab80c8c60f0a4d5e47eb4a8d517bf2d","size":84284,"data":"","first_seen":"2023-03-07T12:26:50Z","last_seen":"2026-04-22T20:33:07.896932Z","times_seen":804,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"63d0972fc7c9b91deb5c3230523e2205","sha1":"72f098f9102d426978fea0e743ae76dc2c1bf2b8","sha256":"107144e2d6013555017bbe7e06cef39c53ce46f9765c403a7ba45d2d0b5008d3","sha512":"9c2b205c398924d05a59ba9a017336a1769ce37d5eec64344d05ef8d88937aec222391d24bffbdce9c32e1ceaa76a24e2120d753563b29095a1dd3b950554cfa","ssdeep":"384:PKCvKU9+wReE1bOw3+UhawGQGUVGAtealIAP2GPqUFmU/sAtQanuUi4i:PT/5zbPrFf1VtBzpXtI1","tlshash":"a982b36cf993245d3c9324159faf058038e87647cb4ad4153aadacc26f4820da5bbfde","size":18580,"data":"","first_seen":"2025-03-15T05:55:29.585573Z","last_seen":"2026-04-22T18:27:50.119823Z","times_seen":71,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"590cc2f6117df7b8f3b47ab865294c1d","sha1":"558eca1134370c53a9a74f79e84258872521893a","sha256":"6621ecf7bcb87ced97cb13e4aed4cd1e990a61edb0a31ea501f6a3170c4f6424","sha512":"c01260038c9c603625b924bcf5c6717ba696d5c7648b04edac5917e8adfc2f8319fb590b9021e8d0708c9e3842af77521d0199cf3aa39543155a5c6d0f793ce1","ssdeep":"","tlshash":"6b11f2f8f85b20da7cd324149baf015134e43647cb09d00936aea8822f8810da5b7bde","size":872,"data":"","first_seen":"2024-12-24T17:17:56.728956Z","last_seen":"2026-04-22T18:27:50.120696Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"b6fe158d2b791f630e7021cb11fe814c","sha1":"0b8efae5ef40c4cb36f6ac0e20929f4ee7bdcd7e","sha256":"41bbae33b51e4efabb54ffa8d9c9c9f6c24adabd11a670ec9f778597a7098632","sha512":"d0b1b343c46e7f9a314411ef04b7886314289960cecf28ba2d6ccfe71a14772283986bb87961aed3b6d4b735857a4642b129468ae802f4d07645eb0314df7159","ssdeep":"","tlshash":"ac5100c0c0000c03f0cc003c0cc0c00030300000f0c0c0300c00f0c0000c0c3c03cc0c","size":2541,"data":"","first_seen":"2026-04-22T18:26:39.819208Z","last_seen":"2026-04-22T18:27:50.113995Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"b6fe158d2b791f630e7021cb11fe814c","sha1":"0b8efae5ef40c4cb36f6ac0e20929f4ee7bdcd7e","sha256":"41bbae33b51e4efabb54ffa8d9c9c9f6c24adabd11a670ec9f778597a7098632","sha512":"d0b1b343c46e7f9a314411ef04b7886314289960cecf28ba2d6ccfe71a14772283986bb87961aed3b6d4b735857a4642b129468ae802f4d07645eb0314df7159","ssdeep":"","tlshash":"ac5100c0c0000c03f0cc003c0cc0c00030300000f0c0c0300c00f0c0000c0c3c03cc0c","size":2541,"data":"","first_seen":"2026-04-22T18:26:39.819208Z","last_seen":"2026-04-22T18:27:50.113995Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"3ab2caca5538cb0d5bbbc1c62d13f7dd","sha1":"035734da28a2ad336d54dca871e206a704a957b1","sha256":"b262ff426787a7fcbf77764d42656757e819f249d147999f35426eb333342cc2","sha512":"a1d47f0318a1daf6db52b421115b0e63a7d70e98ddf5f9833699a4852718b298d4996526d8df0fc035663d45d44fc9a318af8e00b806cac7ff4e738dad19d946","ssdeep":"","tlshash":"66510080c8000c00808000b82c82003020202020c00080000800808022080028a0080a","size":2549,"data":"","first_seen":"2026-04-22T18:26:39.820524Z","last_seen":"2026-04-22T18:27:50.12247Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"b6fe158d2b791f630e7021cb11fe814c","sha1":"0b8efae5ef40c4cb36f6ac0e20929f4ee7bdcd7e","sha256":"41bbae33b51e4efabb54ffa8d9c9c9f6c24adabd11a670ec9f778597a7098632","sha512":"d0b1b343c46e7f9a314411ef04b7886314289960cecf28ba2d6ccfe71a14772283986bb87961aed3b6d4b735857a4642b129468ae802f4d07645eb0314df7159","ssdeep":"","tlshash":"ac5100c0c0000c03f0cc003c0cc0c00030300000f0c0c0300c00f0c0000c0c3c03cc0c","size":2541,"data":"","first_seen":"2026-04-22T18:26:39.819208Z","last_seen":"2026-04-22T18:27:50.113995Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"134d8974004180564c45b5d31aaff53a","sha1":"e782700779d55c71753c2e83c737ddd75f1feb5b","sha256":"7eb458cf2afde95d64f8b19b0014547281d79481c92b2667bc041f162f5a0c11","sha512":"799181c95fac4e87f19caf98012e6b512fd4e030df64355515923e9c06816d1130fd810a1a94ae3ee6c981f848c495c2132bbe97fce0788aaad8ac8fc4a7fa3d","ssdeep":"","tlshash":"5311d469b49310583d5334158faf164034e4b647cb45d4043aaca8826f5860ea5b6ede","size":936,"data":"","first_seen":"2024-12-24T17:17:56.732307Z","last_seen":"2026-04-22T18:27:50.123593Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-04-22T18:27:50.115294Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"5b802191f5c15cd7512f28978db6cab1","sha1":"99652c1b4f3bffb8472a38f83e170579f3be52ea","sha256":"a989644e59b4fff37f3049585aacdab66815b6ca932d412c94a950d4998ba2e6","sha512":"e2207946de2afdf9a5c94214e01368f422308100a8c99133ceef41fb0912ec31cb4ed3aff1b68f17c34ace11931505c45e42e9d80fa6fdf7a0da9d45bc8e57c0","ssdeep":"","tlshash":"c15100f0c0000c00c0c0303c0cc0cc0030330c00c000c0300c00f0c0000c033c00cc0c","size":2584,"data":"","first_seen":"2026-04-22T18:26:39.825331Z","last_seen":"2026-04-22T18:27:50.121384Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"e6d9f4a7a822a53d192210623dbdee1e","sha1":"157aedb38b162723125de7a1140cd780ec3ba3a7","sha256":"d7632dc5dc884c000d20cf8801f2a066b59701847c74555c1f7ecaecfc66a1b3","sha512":"61b12d5865e1b07f40cc227e7994f706619d1c26132b8d197100e8dea35d6546ade17cc07df236dd8a0703abf502d123ca7b9184891ecf9d03a3cb5832d7d46c","ssdeep":"","tlshash":"655100c0c0003c00c0c000fc0cc00000f0300000c0c0c0300c03c0c0c00c003c03cc0c","size":2552,"data":"","first_seen":"2026-04-22T18:26:39.827081Z","last_seen":"2026-04-22T18:27:50.133472Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"5b802191f5c15cd7512f28978db6cab1","sha1":"99652c1b4f3bffb8472a38f83e170579f3be52ea","sha256":"a989644e59b4fff37f3049585aacdab66815b6ca932d412c94a950d4998ba2e6","sha512":"e2207946de2afdf9a5c94214e01368f422308100a8c99133ceef41fb0912ec31cb4ed3aff1b68f17c34ace11931505c45e42e9d80fa6fdf7a0da9d45bc8e57c0","ssdeep":"","tlshash":"c15100f0c0000c00c0c0303c0cc0cc0030330c00c000c0300c00f0c0000c033c00cc0c","size":2584,"data":"","first_seen":"2026-04-22T18:26:39.825331Z","last_seen":"2026-04-22T18:27:50.121384Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"5b802191f5c15cd7512f28978db6cab1","sha1":"99652c1b4f3bffb8472a38f83e170579f3be52ea","sha256":"a989644e59b4fff37f3049585aacdab66815b6ca932d412c94a950d4998ba2e6","sha512":"e2207946de2afdf9a5c94214e01368f422308100a8c99133ceef41fb0912ec31cb4ed3aff1b68f17c34ace11931505c45e42e9d80fa6fdf7a0da9d45bc8e57c0","ssdeep":"","tlshash":"c15100f0c0000c00c0c0303c0cc0cc0030330c00c000c0300c00f0c0000c033c00cc0c","size":2584,"data":"","first_seen":"2026-04-22T18:26:39.825331Z","last_seen":"2026-04-22T18:27:50.121384Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-04-22T18:27:50.115294Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Home/static/js/jquery.SuperSlide.2.1.1.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"0b9bc63ab05e21e3830da5bbb4ccee67","sha1":"d162156bdaf14217d76d920e0e57b86d8feb1d97","sha256":"349e46b2c65028736d0bbff7b829c7fc6fbdebc1fb1e8b12365a0ca2e6e9e848","sha512":"bdfa220da1f08e29f05a9984c4999d7e742bea10ad86b7e497a0d112c7992cc52b7f1e9f5430b4286f14bb2336110f85cbdc3164a92121caaf5c91961f7e69c9","ssdeep":"192:j+K3bxH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2HE:jNcnqflKFgEWulE8REcS3j/CkR1Xh3","tlshash":"9532c65fb66635ca4597b3f1107f940d222b5965fc8a8ca0b17082c0adb9a1c243bfed","size":11264,"data":"","first_seen":"2023-04-05T11:06:31Z","last_seen":"2026-04-22T20:40:29.730152Z","times_seen":13308,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Home/static/js/layer/layer.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"666f4437565d197e9459e19a29f58315","sha1":"afc5c0a1369137e52b37ad5fb63f48202ce31368","sha256":"4a49651ad86a83ecbd9c2ad34e7f5c906b46ae2c4c93c1c8585148f936b7e100","sha512":"1e659ff6c47458dbbaf7e7561402c12441286c255ddec048bf654388e8666a9ceca344e166657c29fce4a08b46470b44c47e8f1c6f577adc2a4e4f4f0e7e1e90","ssdeep":"384:DQ8cuj0z4VfS7ShA3BMJOoM6bs7hwI9b4Zrxy:DQtu8CfS793QODbcI","tlshash":"5f92c85ab5503593216390a9911fa90f30f24d22eb078958f16bf1fd1ebcda562b3f0b","size":19831,"data":"","first_seen":"2023-04-11T09:52:52Z","last_seen":"2026-04-22T18:28:09.608149Z","times_seen":13302,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"72be916aec41d30e92b0ac12e5eabf2f","sha1":"2b29ebc300178cf357331cffdbeaa4219226c495","sha256":"1f1a582f830cd40e136506199d7a137e2c0ad98f4ec2c8e45f40ab3f21dfd82c","sha512":"fd83d9af00ab9ea002a406287d9344b1cb2494312d562b34a9cb8376b53b1d7652c29c0c3d48efb3738b87bb506d04de565b4b47cdd64f10359774db9271055a","ssdeep":"","tlshash":"2311d859b45310593c5328118fbf01a038dc3547cf69e80676acac822f6812d65beade","size":956,"data":"","first_seen":"2024-12-24T17:17:56.73644Z","last_seen":"2026-04-22T18:27:50.124288Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"f1d8f167ab5d0db772505d2dcfbe1b22","sha1":"18385f7c4ef25551e09093f06d1e34a8f63e3e88","sha256":"ab7e1a01e49c4718fbe110389de7c0b353e536ff7fe33ed0406959900ea1877b","sha512":"d292fd411d2d17c4dbad73f309dd69da65ee06a2f27f856d52dbbec9d74327007ce4c546c0128bcec677a37e8efd8d2a2a66f2f3eac3bd4d7eabab8186af6fe1","ssdeep":"","tlshash":"6c118468b493245c3cd324159baf258434e67747cb45d4153abcb8c2af4c20da6b7bde","size":953,"data":"","first_seen":"2024-12-24T17:17:56.737498Z","last_seen":"2026-04-22T18:27:50.128519Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"f56f990a9346c780d8c3c40ff3facad1","sha1":"fd796e44307d1e4f9c79d0dda36f19f0615bfbc6","sha256":"e70c73dd5aec8eabeebd96a0b6bd3f12fbcfcb58c8ebde8e85834d251a9b8dc1","sha512":"ac1e4441c2e7485d64d7489d891ae1b276eb8ec72739b8aad1330034f75bf1c6e9a2df2d7426b3a46c82d5dce2ff1c29b9dafef7e51ef0763e060bf9fc4e1f37","ssdeep":"","tlshash":"df11b16cf49328583d5364118bae394038f477478b45d40537edb8822f4820ab5f6a9e","size":963,"data":"","first_seen":"2024-12-24T17:17:56.739953Z","last_seen":"2026-04-22T18:27:50.129294Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"b6fe158d2b791f630e7021cb11fe814c","sha1":"0b8efae5ef40c4cb36f6ac0e20929f4ee7bdcd7e","sha256":"41bbae33b51e4efabb54ffa8d9c9c9f6c24adabd11a670ec9f778597a7098632","sha512":"d0b1b343c46e7f9a314411ef04b7886314289960cecf28ba2d6ccfe71a14772283986bb87961aed3b6d4b735857a4642b129468ae802f4d07645eb0314df7159","ssdeep":"","tlshash":"ac5100c0c0000c03f0cc003c0cc0c00030300000f0c0c0300c00f0c0000c0c3c03cc0c","size":2541,"data":"","first_seen":"2026-04-22T18:26:39.819208Z","last_seen":"2026-04-22T18:27:50.113995Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"fe84461ac265684cd4e8443a73684daf","sha1":"5c59114051b6d142275570fb4d72f248a1e5b86a","sha256":"70651d0618a2be83cae3596fa3a0cf04d1ac661569c3ff0d826a225c1793c637","sha512":"e74fdb07daba61c2b5f1a489f3e4f8bbf2502982078817687e81f5eacfcc3e00a3f815e54b7f2e6b388644dcfdad9a3910ca0ffc70d79b319a50e65a7f04a892","ssdeep":"","tlshash":"ce11b16cb557106a6c5324119baf114038eab7478f45d40437aca8836f58109f5a6ade","size":935,"data":"","first_seen":"2024-12-24T17:17:56.741028Z","last_seen":"2026-04-22T18:27:50.13123Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-04-22T18:27:50.115294Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"565216956bacfaf2e46213ed6b38549c","sha1":"106df23b7992e68ce57e2a1668d62c7fcff79721","sha256":"c4926aea646e632ad2bdd3a4d5668163d5f6513755e71706b3566f23f8251c40","sha512":"9ac5e100fb0c1239d821d6c5c5b8658fa316918ce4df2fad3c2da7a4b7e1327c5d9d0d29c3b3520f9b45790784fecc8da4b477e256c8c981b8241adf05ee7baa","ssdeep":"","tlshash":"6a510080c020cc00808000382cc2000220300000c00288300c008080000c823c0a8808","size":2547,"data":"","first_seen":"2026-04-22T18:26:39.831806Z","last_seen":"2026-04-22T18:27:50.118337Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"b6fe158d2b791f630e7021cb11fe814c","sha1":"0b8efae5ef40c4cb36f6ac0e20929f4ee7bdcd7e","sha256":"41bbae33b51e4efabb54ffa8d9c9c9f6c24adabd11a670ec9f778597a7098632","sha512":"d0b1b343c46e7f9a314411ef04b7886314289960cecf28ba2d6ccfe71a14772283986bb87961aed3b6d4b735857a4642b129468ae802f4d07645eb0314df7159","ssdeep":"","tlshash":"ac5100c0c0000c03f0cc003c0cc0c00030300000f0c0c0300c00f0c0000c0c3c03cc0c","size":2541,"data":"","first_seen":"2026-04-22T18:26:39.819208Z","last_seen":"2026-04-22T18:27:50.113995Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"a7f62e1d9908c256a320ee5fc026eb8f","sha1":"a981fc357123dfd6e71a62a09cf57831da43e428","sha256":"642649706ccd4f644d46432f0d25d54bccfdd0739e14617b74243c5b9003f79d","sha512":"4e66194179da0452e52811796d113af77e70621f052a8a7da49f971e647b0f4a86d6059aa4ce1e7939b38fbbdc897de0710678a922f31b71b50023cd88b62ebb","ssdeep":"","tlshash":"4311d469b553105c7d932411afaf254034e43647cb49d424beaca8923f4810de9beede","size":947,"data":"","first_seen":"2024-12-24T17:17:56.743928Z","last_seen":"2026-04-22T18:27:50.132027Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-04-22T18:27:50.115294Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"565216956bacfaf2e46213ed6b38549c","sha1":"106df23b7992e68ce57e2a1668d62c7fcff79721","sha256":"c4926aea646e632ad2bdd3a4d5668163d5f6513755e71706b3566f23f8251c40","sha512":"9ac5e100fb0c1239d821d6c5c5b8658fa316918ce4df2fad3c2da7a4b7e1327c5d9d0d29c3b3520f9b45790784fecc8da4b477e256c8c981b8241adf05ee7baa","ssdeep":"","tlshash":"6a510080c020cc00808000382cc2000220300000c00288300c008080000c823c0a8808","size":2547,"data":"","first_seen":"2026-04-22T18:26:39.831806Z","last_seen":"2026-04-22T18:27:50.118337Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/js/jquery.flexslider.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"242034cacf5d08f9a4f4df40208f830b","sha1":"56cffde8b9ca0b7e3161714b786651ac2b87a953","sha256":"487639627bd943c11e40764b968904c921e505bb73f0ae5d7367c8c8ff84a526","sha512":"fcbb4ccb030b5d9dbd4c96c44de7387ba9dd4963f14034ddb2a0ae77ef10e08167290d56565afceebd03e68a3d40d3bdceea903490e6bd0c509afa9ef034582c","ssdeep":"768:oILMsh61e6anxUS1cdeAzMuwskDkg9iPFi2PU1SFzuLdu:kynN8P1PU1SFzuLdu","tlshash":"3043ff1a61b2166589a372ae2f5fdc14eaf78343901dc969fddd030cdf4442806b6bf9","size":57384,"data":"","first_seen":"2023-03-07T17:01:43Z","last_seen":"2026-04-22T18:27:50.061424Z","times_seen":669,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"6c3f02f6d67f72b39526de45f99887f5","sha1":"0ce53d46b8f83f30c994e427e89db57d224fa03e","sha256":"9f47123bbfc2f11ad77796f85911e688279150f8dada01c0bd73c7407cffe602","sha512":"d47498ec8cb9ec3bfb3526186702add9a4db2aa968640a460018fe5a806079f094439508000702b8ce435c109c49fecf78356b85f747620fdc547e4bafa1082d","ssdeep":"96:zUH9w/iICyLGH9w/aICy3eH9w/8ICyxDdwH9w/mICy5+HdwH0IyC:zM9w/iICyL29w/aICy3u9w/8ICyxDdIY","tlshash":"eca1e668f893245d7c5328259faf058038e47547cb49d8157abcac826f4820ea5fafde","size":5011,"data":"","first_seen":"2024-12-24T17:17:56.745193Z","last_seen":"2026-04-22T18:27:50.132736Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/bootstrap5Slide/scripts.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"48477ea73f8709a6c29d7cde0cc83e55","sha1":"5dc30fab107725dd71ab343d70b9e6267ea68cf1","sha256":"fd67e1f083236a6c171d2275401174ea62a6f24fc81193d55653080a236a209a","sha512":"0932287b99d7c96929e7464b6684fe399dfcaaea787dcab28fa0879094b5eb4d92139260fecde4ffe430eca3986430f98a72fc523332c4e476bee9ea2226b1b3","ssdeep":"","tlshash":"1ee0cd91761d4f9d1ccc3257996092c576841524e401f06790374c6c0a9584225fb7fc","size":298,"data":"","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:27:50.052952Z","times_seen":6103,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-04-22T18:27:50.115294Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"230dfa9d563e8cecff99cf1ecb6d11e2","sha1":"9d5a1ea4b2b2895dedaf0d8ab2927e641e153471","sha256":"36a54f99265f3c3b8f533538c4ae1dcc8847fca78322ea6bd85a7c64e1383564","sha512":"112917bbec71614d2890ef5258af7e61cb24a54f535d768c80bb671d0acb749111368a278f645ce6a0bd4736eadc99cfb9b8f423c8b7e1645727adb0665a3eb9","ssdeep":"","tlshash":"f65100a0c0000c00808000382cc8002030288800c20880000800808220080028200c28","size":2555,"data":"","first_seen":"2026-04-22T18:26:39.834774Z","last_seen":"2026-04-22T18:27:50.116581Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-04-22T18:27:50.115294Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"dd88769f66853521c4eb1386fb31f5af","sha1":"f2e5b632c5fa6c667cf33cfcd7353206383044ab","sha256":"f4d545af500f264647a269ee45c099feb11c3dbc962ddcbd623b001a043f227f","sha512":"00e45cf300ad73445c7b7e5211f3d73859abd2fafb0c9c7f3bc147b392c656dcc737c7cb2b243d1cbaf7d911dcd12c55f5bd4d4ecad24bf48675df106e4c8c5b","ssdeep":"","tlshash":"635100c0c0000c03c0c0003c0fc0c00030300000c3c0c0300c03f0c0000c003c03cc0c","size":2558,"data":"","first_seen":"2026-04-22T18:26:39.83618Z","last_seen":"2026-04-22T18:27:50.130049Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"3ab2caca5538cb0d5bbbc1c62d13f7dd","sha1":"035734da28a2ad336d54dca871e206a704a957b1","sha256":"b262ff426787a7fcbf77764d42656757e819f249d147999f35426eb333342cc2","sha512":"a1d47f0318a1daf6db52b421115b0e63a7d70e98ddf5f9833699a4852718b298d4996526d8df0fc035663d45d44fc9a318af8e00b806cac7ff4e738dad19d946","ssdeep":"","tlshash":"66510080c8000c00808000b82c82003020202020c00080000800808022080028a0080a","size":2549,"data":"","first_seen":"2026-04-22T18:26:39.820524Z","last_seen":"2026-04-22T18:27:50.12247Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"6762eabd88d58866ecdbe3f555bfe6dd","sha1":"4a56070bf0816ad79bcdaab2cbc4336a88079585","sha256":"991f79902d13b7113ca49d4355ee044f6584d231681399694b2359c804c67d38","sha512":"463d26672ee7256df66dcd64253744e674906e78327d8f447513694060fc8f46ba78c5d0192c3ebaa040851dfceba1e088dca59845453787e26b79d453b88ab3","ssdeep":"","tlshash":"95410351a3476cd568f3a96f1f5390120c3924232947c9183f5ed7e08ffae93a064ead","size":1894,"data":"","first_seen":"2025-03-15T05:55:29.604071Z","last_seen":"2026-04-22T18:27:50.13632Z","times_seen":69,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/bootstrap5Slide/bootstrap.bundle.min.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"8831aa095cdec88f66c2e46c339cf352","sha1":"5db4c40dbc6bd3d9623ee98a2061dd265885cf2e","sha256":"79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9","sha512":"b07f093e128951e03d3d693778e70e97c53e95f65382d0570f8d6ae9c3bfb25c311870b129c5b8e4ae283c25211c6ecd301e266ca11d75598fb935eda5b09b14","ssdeep":"1536:GaPTJR2t4PqiiyuL5FehgTr1voCBZx6wVlLBkS:4OANBZVV5","tlshash":"0f73c5493254b87309ee15a68037460bf7256d94b14b802cb5bdacde2b3dc8672b7f78","size":78748,"data":"","first_seen":"2023-03-07T01:34:42Z","last_seen":"2026-04-22T18:27:50.069436Z","times_seen":7517,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"fbbb012e519b910a02da83ac6d3112da","sha1":"a03af70ac8200203516bb605834e1e3a1a061948","sha256":"b3f004b5887b020f0abc7d1046d655e1b275a9eb354f05212175561521105a47","sha512":"5c76b4a0f8abfa543ae0c28835d8685715b0899a787e39f251d28a06484c9f51a0de7dc1fc258b4891080768550ee830e5b0594bbac8a8e61594d117ce751b80","ssdeep":"","tlshash":"6cf0c96e0a1ed7ff70a80235532aa2ef70cd4baa90076807fe87021716ac118bc01ea1","size":527,"data":"","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:28:09.644739Z","times_seen":6968,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-04-22T18:27:50.115294Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"9efd226d0221b065cc125456f5881d2e","sha1":"5a3aab17085722efbd72b0fb88fa77cffa4766bc","sha256":"536167be9affbd8d39d5afddd7ba6660d34e7796c5a81f0ca8bc40657c0a11d6","sha512":"81847457937451cf4f1ecfc6e2714051c38f4af0abe0f3a003e250ea8006f97e69010a16bf43b28e68857061f02346b45dc38c9e20b373bf50d7be05ccdba69c","ssdeep":"","tlshash":"95511f8deb5d046c89fb83d81e2c55cd42ba2e201c63ec369cf54e4676095b8a939d3d","size":3050,"data":"","first_seen":"2026-04-22T18:26:39.839095Z","last_seen":"2026-04-22T18:27:50.13778Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"3141c18a9605b1422295c9e48d668c9d","sha1":"0e035fdbc893334e85d674527229f5d2fd9c8036","sha256":"1c439327512b5147799af88283ca39d0f13d331bea70d2ec3e479177c6c595c9","sha512":"9de6cc7247eb894a1a5a05a3cad42883bb7478bd38bb37e22c7ac97ae476b6a843adb97e0ed0c1ba44db35687a637a8ada2d6197fdf51b66ac1e46fb0d0863d0","ssdeep":"","tlshash":"05d05ec3ab4d2058587f319784eb15cc005c467288920d89bc3d91908ca01ec5371f2d","size":255,"data":"","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:27:50.138877Z","times_seen":5207,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"565216956bacfaf2e46213ed6b38549c","sha1":"106df23b7992e68ce57e2a1668d62c7fcff79721","sha256":"c4926aea646e632ad2bdd3a4d5668163d5f6513755e71706b3566f23f8251c40","sha512":"9ac5e100fb0c1239d821d6c5c5b8658fa316918ce4df2fad3c2da7a4b7e1327c5d9d0d29c3b3520f9b45790784fecc8da4b477e256c8c981b8241adf05ee7baa","ssdeep":"","tlshash":"6a510080c020cc00808000382cc2000220300000c00288300c008080000c823c0a8808","size":2547,"data":"","first_seen":"2026-04-22T18:26:39.831806Z","last_seen":"2026-04-22T18:27:50.118337Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"bf95500273e223863fb94c92f109146c","sha1":"31394f13102ca1469f025cffb3530836c51f85b6","sha256":"e8117162c76e2778b4dcc5f3c66b44082fd5f85ec3160e411eab35a486351a25","sha512":"ea46e24dd1b246bed230b07cfec730bff714db0f5ea4b6f81daeb2d487d4b107f7fceaf22769c6c2060feb969206f1502bc6cb8b5f07e240f8a18c4079bee46a","ssdeep":"","tlshash":"7d5100e0c08e0c22808080380cb0000220208000c8c08000080080800008002800080c","size":2563,"data":"","first_seen":"2026-04-22T18:26:39.841376Z","last_seen":"2026-04-22T18:27:50.134611Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-04-22T18:27:50.115294Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/10.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/10.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94b2-7cc\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1996,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 89 x 88, 8-bit/color RGBA, non-interlaced","md5":"cbeec0f8f7153d9ada12286cd320f9ff","sha1":"2f47344e6cd3507eb1910a92b9e6b79e0cf9c38b","sha256":"23bbb31ebd8c5d2dfc6d54e09e8b1ce67e08a632cc7fce4fd19d04721bc3da6a","sha512":"4aba7ea861f215d84de679e7898e93689a57a3a9919f15b73d2ffcf8414f7639a4d852cca74065964f59e88b4804033f8c98ab87cdc3fa5b4a7671430f481605","ssdeep":"","tlshash":"1c410a492b96646aa9a1425c42c15bf5fa3e34adacd87e80edd08658f08eb2805b8658","first_seen":"2025-03-15T05:55:29.544213Z","last_seen":"2026-04-22T18:27:50.077184Z","times_seen":66,"resource_available":false,"data":null}},"time_used":870,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":870,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_bal","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_bal HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=bal"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":226,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"73ec2be2c2ae4a9573bf542fbe7eaeb0","sha1":"c823c21949927445ea7751cc48e806083083f870","sha256":"9e1f7f3c6303bf3248895b2ab7059839899bbf7d807eb41ec40f1c949c4ae206","sha512":"1d3ecaff802c7fc300f888f665af29076f683f998cef79d62093f4a2c45b7c151aa82a2a7881fd5c3bdbee392eb8dc8bef0419928e5714bfecbcba84257fdfd4","ssdeep":"","tlshash":"66d0a7e43f744ae6066163c168e6177b545dc0808041430697becf615dac7197d05c21","first_seen":"2026-04-22T18:26:39.678454Z","last_seen":"2026-04-22T18:27:50.091557Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2548,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2548,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_xmr","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_xmr HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=xmr"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:08 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":245,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"8d3b94c1a21e601b20b36e1438830490","sha1":"758d0b221a8338796e9cb54468b89e6685018547","sha256":"f0a45b19d83bc2cd53976e81efe0f42c4bf6a075bc99bf8d2e661286d6fc21e4","sha512":"84bbf268f727013d9ed36dd1bd8d1b4f2f11008774e8d812e3623ce4a805305797141e8ff8f070d10a94326fea7a9e3de2530752c9a4643fea61d70d012757e8","ssdeep":"","tlshash":"25d0a5e06e74441505e2e7c278f53b7d149dc18180c5464557edcd311d7852e7556c23","first_seen":"2026-04-22T18:26:39.68289Z","last_seen":"2026-04-22T18:26:39.68289Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2538,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2538,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_btc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:21.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:21 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":245,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6ee9178b9c1f7827ea9c2b8f0e5ba5a5","sha1":"e1136e85a5f357429674344df62e6f02060ffe1b","sha256":"15a0672c1cf7edf09aa53f4b87d09e05a52e1398217bfebe65363731d23d00f2","sha512":"7c7a90d6cefe427505c6fc930807db02280be7436b49a81f526b9394aa0aade4c86a6a73bbb5d5b55a58501057176672149f25b08b8e2891edd9bdf378cbaec0","ssdeep":"","tlshash":"45d05eb02b3589351c73e7d1a4e92b6e184e05d3808602596afe8e6816a820c2113922","first_seen":"2026-04-22T18:26:39.687525Z","last_seen":"2026-04-22T18:26:39.687525Z","times_seen":1,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":345,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/ETH.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/ETH.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ab-adc\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2780,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"856bfdb63dc0d6fad6b92fc6a29719e1","sha1":"2fed2e3409ce1bbbfb37f6da4abeecc30cefc021","sha256":"eebe29898b8b7de5c9e47daab474152be8095e3ab42d768b84b085c5a12b95c6","sha512":"a61c0a108d63c89ae62a2b03108480b5c08bda0e80049089a2a84cd7973bd9e94dcd2902e166b92e1d7ad5b7356357c9b181cb1b6051dd25913e82d2420154f0","ssdeep":"","tlshash":"51518cc7a707f33a9c866161bed44509f244d80a8160b31c0f33a7572c8a83ea4f324f","first_seen":"2023-05-01T18:49:36Z","last_seen":"2026-04-22T21:20:06.776061Z","times_seen":21040,"resource_available":false,"data":null}},"time_used":882,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":882,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/CHZ.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/CHZ.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3aa-13f5\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5109,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"2b457b22e9dd64aff296943ce340e39b","sha1":"1a6df942d2444ffe89314234db270f625e99b04c","sha256":"5cb03d2a32e3eb095ff58017138d1dd83cbb535bc62800c4fc9079bc4a5eaf28","sha512":"8043dea1d186d07a7d18aaae7ecf65d4f1731f14a85e7a96efe9fe67969b9154cd978a175274f475a1882f031a45a5ec36b1cbd9273c15bcd49b6c627990b205","ssdeep":"96:rKMGADzM6KSkXoJi+qQFxda8WP2mdVyHTkR6I9RapHhQe52sg:3GADA6hkXJ+qgxdIxjyHQM0apHKe6","tlshash":"6eb17d7f1860523e53680e3112c187e411e20c937e984b568cb19a1867bff5c17f49fb","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-04-22T18:27:50.044531Z","times_seen":319,"resource_available":false,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":876,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_1inch","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_1inch HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 10\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":10,"data":"coin=1inch"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":258,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c3bf19c1609dd6a72d01151cc2590707","sha1":"87862aa9a65f2e63ef4991c5d99e2ec3d89fdd6a","sha256":"77e7e72b29ae9a821e1bc4f0c4c1ee814751aac54b90e2fdf6c3e53fc6a69a75","sha512":"d527c4a338ef879da60076829570192680cccc95930f260ab726dda0ce853166b1f064212f492490e65fa01c4cd306eb0865ca897c36d4e0487ebc4f18bcd482","ssdeep":"","tlshash":"7dd02bf03a35036018b2f7e174ec2a7d7c6dc08584c0120597fdcf7255a8f487101812","first_seen":"2026-04-22T18:26:39.69128Z","last_seen":"2026-04-22T18:26:39.69128Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2544,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2544,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/04.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/04.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94aa-1886\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6278,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 166 x 166, 8-bit/color RGBA, non-interlaced","md5":"129d347ccadd5ba894e065094c2d0d2e","sha1":"66c9c7aa0580f9df7120b4a4c329a51004952a3f","sha256":"f11e4ff7def251986be5a1448f152d66e015e9cfa33badc89e8c1b6b4b8ec7ee","sha512":"6838dd37a3be23682a2d1809f3d9bce9854450048df2dbe4b40f852363932810010c481abe770f1b651cc5c2950f626d8d96e31b3d972ab62dbd8b806d1f0011","ssdeep":"96:uHcuVkytbFJuTLKo5rtW2MnVR/khwCpvBVSPTfHdSvPVjU4zuX1E:uNa4ruXLFsvOXpZVSrfHdkVjrulE","tlshash":"abd1ae14cbc1f99bdbd2152e2abd00190af1429815c27244eab76e5fa8fc4883e0d2dd","first_seen":"2025-03-15T05:55:29.531991Z","last_seen":"2026-04-22T18:27:50.105583Z","times_seen":67,"resource_available":false,"data":null}},"time_used":872,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":872,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/06.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/06.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94ad-1b7d\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7037,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 166 x 166, 8-bit/color RGBA, non-interlaced","md5":"531f22459b2267c88d4c764feca7ed0e","sha1":"98056833a55cfbd4b2db51079fdda11733fe04ea","sha256":"ef86b87d812b9f2fa27fd2d349366318ad2c796877a8eea2fcae343f039fbdbb","sha512":"63cabed822d2357caa6f1cdfb6e5476e6bf34f23745e55ae9cc8cfdb840c0ffa2bc023b5db6759e72aed52b36df9c805b8a4c1f560bd1ddf1204d2f61ec2f91d","ssdeep":"192:QJzQ8aT3YqoWbksgOZceIP/J7o+6YEg31NvexLIb:WzzaT3c+cp/9933Sk","tlshash":"10e1aeffa9243523208d1187598e05aae65579e98e55ec0593e60372b42de1ca832b25","first_seen":"2025-03-15T05:55:29.57181Z","last_seen":"2026-04-22T18:27:50.084179Z","times_seen":67,"resource_available":false,"data":null}},"time_used":872,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":872,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/XRP.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/XRP.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 13:56:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6453b971-f61\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3937,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"7f4feb23b128c1683aa4bc450a625aa4","sha1":"4c022a2d5fd79660e39f614b0df8ce8bce9bcd90","sha256":"9b749ac3ebc1d5d7efb452e30695a43e340bafe8864abc48af63a548f607fddc","sha512":"e456437862ad7a67dbb471d853f738191e3f0fa372c87ac14e0e362270b8dce3b574b9302b9c33e4584eca98a8525490ef16b9442bf7cbff467fd361a9a345ae","ssdeep":"","tlshash":"7b813d97ef90cf2c66e7b7758baf5c45f4613820e0d7d1cc441a19a4618a693c9f2378","first_seen":"2023-09-30T09:31:08Z","last_seen":"2026-04-22T18:27:50.010505Z","times_seen":266,"resource_available":false,"data":null}},"time_used":880,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":880,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/07.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/07.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94ae-746\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1862,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 88 x 88, 8-bit/color RGBA, non-interlaced","md5":"68d2998f48a4c12d128c3d1ad70b9a90","sha1":"381d95fe09181d30538ff1c9c5c0e7afd8a095bd","sha256":"ff62b0065cd9d07202222399a26977e59452771a0ec9e6abc21f2abb7ee558ba","sha512":"1533ed2c1f21ce53861cf40afdb54bfed134eeca2bd32262ed99194418898c797827425ba8563c4e81b36d1a242357788e2afd1cc2f6531c77945ee53a017054","ssdeep":"","tlshash":"b331f9c27bc09faeccd18707d9f8c95d5e3269ba884627405d73b106de0d4560fb8a51","first_seen":"2025-03-15T05:55:29.536588Z","last_seen":"2026-04-22T18:27:50.063369Z","times_seen":66,"resource_available":false,"data":null}},"time_used":871,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":871,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_doge","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_doge HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=doge"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7e613f83333d3c0448ed7667bb965ee3","sha1":"4da33e2ad778e0e87e33eaff4a3093e05594b2cc","sha256":"34fcd5e86b4fd1450ad0c4272a4580d29e614f8bf4247b282ecace62ebfb704a","sha512":"8306a6bed7b772aea9a6c436e9eba376faaa09011ed979d57e2c006c57479ac4f9079733d8959c94cc8faf79a2d73aed7ddb8de8563b9b66764f462388b8ce89","ssdeep":"","tlshash":"54d095e43f3c05251ca1b3f26cee233f204d08828440470411ff4eb5506c72e3516831","first_seen":"2026-04-22T18:26:39.706949Z","last_seen":"2026-04-22T18:26:39.706949Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2566,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2566,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_btc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:11.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":245,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6ee9178b9c1f7827ea9c2b8f0e5ba5a5","sha1":"e1136e85a5f357429674344df62e6f02060ffe1b","sha256":"15a0672c1cf7edf09aa53f4b87d09e05a52e1398217bfebe65363731d23d00f2","sha512":"7c7a90d6cefe427505c6fc930807db02280be7436b49a81f526b9394aa0aade4c86a6a73bbb5d5b55a58501057176672149f25b08b8e2891edd9bdf378cbaec0","ssdeep":"","tlshash":"45d05eb02b3589351c73e7d1a4e92b6e184e05d3808602596afe8e6816a820c2113922","first_seen":"2026-04-22T18:26:39.687525Z","last_seen":"2026-04-22T18:26:39.687525Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2824,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2824,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/laba.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/laba.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 657\r\nlast-modified: Thu, 27 Apr 2023 15:28:59 GMT\r\netag: \"644a94bb-291\"\r\nexpires: Fri, 22 May 2026 18:26:05 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":657,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 41 x 30, 8-bit/color RGBA, non-interlaced","md5":"9922ce5610e60c1b36d997c0a1e19f3d","sha1":"de825176c21b98e6f80ad0821374b33832087686","sha256":"a958b6d624b2d1320fb2a3831b68ed1665208db708aced2868aee7bad5257206","sha512":"7505d8c2edea3e033c0148ae9099333a7f39ce6d77bb7ab2e78e8c9292efed5a563b23e0c34bfa8b3e2d6d3721d9948c5322742dfa99828e33262d24a96a4f33","ssdeep":"","tlshash":"a20128d7417320bd6a8921e34c814447da733fff06555951103cc76650f755e627a642","first_seen":"2025-03-15T05:55:29.555381Z","last_seen":"2026-04-22T18:27:50.005678Z","times_seen":70,"resource_available":false,"data":null}},"time_used":1137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":887,"receive":250,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Nunito:wght@400;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:06.239Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css2?family=Nunito:wght@400;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 22 Apr 2026 18:26:06 GMT\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5463,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"721a040ea564a6f1097d3c9fc78e4478","sha1":"969b3a763c65bbea8dd653387efe6482fd53f614","sha256":"1eab5e802b5f0457aaad88e630b825da8ed3ba340a35a34b5f6901d9d84bdad1","sha512":"44cce6feb92211ced4be081e6a2c9c0c63b0fc22a7243396544d0d88b4736d6e6d62ee3cad5136dda1b21e3f4eac55d6b465a0b28922df3565bc5bef366db625","ssdeep":"96:BOEabTxOEa7FZOOOEaKOEaQJc+uaOEaENqOxMabTxOxMa7FZOOOxMaKOxMaQJc+m:OH+yptkUkH0yXLkeLHbywkkdH","tlshash":"5eb17891045bd400aa432cc667cf7f37ed4e62113464c57aebfd9898ecabd272264b1e","first_seen":"2025-09-17T11:57:27.939025Z","last_seen":"2026-04-22T18:27:50.084802Z","times_seen":1108,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":85,"dns":1,"connect":21,"send":0,"wait":31,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/new/6.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/new/6.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42495-32a1f\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":207391,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"670ecaecfff72572e89a339d91a08e3b","sha1":"4b1816f239c121542c68fc139ca857ff209b88bd","sha256":"958ba7b0f46edb40e8a5bdc204cb275f2bf4e4c6f8e23653cf0ae871c9289308","sha512":"da4f2bddccb6f4864a7b6adb63534625219fdef47d7406ca3595a03a4df83d87a73352c0ba77879b483c3546e8894955108dd21411781f4df1de18eda9c53044","ssdeep":"3072:XH4NNTrl3D6lyiiXrJ92w3ImKcStCkEWb7Z9Z7I0wzBRavyqWnqv/8s35671L3xI:XH4H9DbpJgw3IWSwidwzjpPu3QphNpTI","tlshash":"781422a47e53801ee12e50132fade20c84697ca79b45a7b45f89360ac7effa151e1fd0","first_seen":"2025-08-19T12:54:30.883822Z","last_seen":"2026-04-22T18:27:50.007977Z","times_seen":5,"resource_available":false,"data":null}},"time_used":885,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":885,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/img_map.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:06.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/img_map.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 10:31:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a4526c-705cf\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":460239,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1400 x 850, 8-bit/color RGBA, non-interlaced","md5":"d97e46e39c059f9906db4d22fa1c1898","sha1":"ec1d29be89cb9920acb1f7f4a9bc3140e57ed272","sha256":"2c0979d901899472ecb03090be9da836ba2a12bab2de7605593341fe26522a54","sha512":"96cec1d32ffed32708b407c7e6424a3aae3f945f9eb660e6559a7c945877167595410c7c76325ee2147ba18b42a3690519f285c52ee8e24c71098dce130659ce","ssdeep":"12288:XvrdZRvGppqzg+4fqHYdcFAlrjbgIR82uKHN2ff:/gpqzT2qHYdcWtbDR82Ltaf","tlshash":"28a423f1b62f84efdcaf7536c321821d92e4dac80a5bcbe57920ce520352a444edb759","first_seen":"2025-08-19T12:54:30.925938Z","last_seen":"2026-04-22T18:27:50.019852Z","times_seen":6,"resource_available":false,"data":null}},"time_used":2391,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2391,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_crv","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_crv HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=crv"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":241,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"81bd746bafad2e1ee4d49be29c4c7927","sha1":"2643a1fca62cb96e70435654992857b00ecd164c","sha256":"b7b034ab10e5a7c0406a16a17380c83f74836e8ed551abd785c7804029ae34dc","sha512":"1246211a1855c517e55827fd278392e745e81c14d602445733c288fbebfd4b1022d2cfa7267429edbdff363ef8a175ecc87479330c18e3801fbc14d487eaadc0","ssdeep":"","tlshash":"fed0a7d0ff380c271f2af7e16ce9171e548f1d8680c5020e66bd4d74149c50d36a2c22","first_seen":"2026-04-22T18:26:39.71273Z","last_seen":"2026-04-22T18:26:39.71273Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2533,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2533,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_btc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:19.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:19 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":245,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6ee9178b9c1f7827ea9c2b8f0e5ba5a5","sha1":"e1136e85a5f357429674344df62e6f02060ffe1b","sha256":"15a0672c1cf7edf09aa53f4b87d09e05a52e1398217bfebe65363731d23d00f2","sha512":"7c7a90d6cefe427505c6fc930807db02280be7436b49a81f526b9394aa0aade4c86a6a73bbb5d5b55a58501057176672149f25b08b8e2891edd9bdf378cbaec0","ssdeep":"","tlshash":"45d05eb02b3589351c73e7d1a4e92b6e184e05d3808602596afe8e6816a820c2113922","first_seen":"2026-04-22T18:26:39.687525Z","last_seen":"2026-04-22T18:26:39.687525Z","times_seen":1,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":345,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/02.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/02.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:29:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94c4-1774\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6004,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 164 x 164, 8-bit/color RGBA, non-interlaced","md5":"427f187da485ae1eb8b37166ea4bdb52","sha1":"e563c994b0b025e87e59c6f05119290af8200766","sha256":"f5a54d35e121d6b7927803c6b3e9740ef66e19b0a3271be1f78fbbfdd7258ac9","sha512":"3004c92f5edac978b91b586b519a03e0a4ab40319517bedd8039278b3683a25ea0c0d1c8f927478ab80558bdb92a7a5ba7669bf6c7aff54de4e3f07166dfee26","ssdeep":"96:UZdW5NqbiSYZC2RX/QHvfQnLREVXEECneHcE4P1A1fzqqHPTEhf2N0l1NlwW/D:ULECVYEI/ofQLRUjpHKPSzbG2N0hl/7","tlshash":"23c18ed38302107f52f54f6140f990b7a57b04ae868532e8f67969c7c68df5c947a0cd","first_seen":"2025-03-15T05:55:29.528231Z","last_seen":"2026-04-22T18:27:50.021659Z","times_seen":67,"resource_available":false,"data":null}},"time_used":874,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":874,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Home/static/js/jquery-2.0.0.min.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Home/static/js/jquery-2.0.0.min.js HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 06 Nov 2022 06:04:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63674e81-1493c\"\r\nexpires: Thu, 23 Apr 2026 06:26:06 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":84284,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32061), with CRLF line terminators","md5":"e22f82a5194d1f03ecb712baad2df66c","sha1":"6a9afa00acf537cbdede4aea27f01f8ef6ab165d","sha256":"ac1b82725819fba761d03c03a208214a9157bb026cc5e843d43105970407603a","sha512":"141dcfb31585ad569e19e7769d32a5544219fc1a010611337777f093b1c7143cd8de374b1b50484709a7f42fa472561bbb8976510d06f62f2cf34e3426bde0d7","ssdeep":"1536:DPEkjP+iADIOr/NEe876nmBu3HvF38NdTuJO1z6/A4TqAub0R4ULvguEhjzXpa97:oNM2Jiz6oAFKP5a98Hrq","tlshash":"f583d6d9b2c27062977734b850bf410bb17a98dab80c8c60f0a4d5e47eb4a8d517bf2d","first_seen":"2023-03-07T12:26:50Z","last_seen":"2026-04-22T20:33:07.896932Z","times_seen":804,"resource_available":true,"data":null}},"time_used":1399,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1399,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/bootstrap5Slide/fonts/flexslider-icon.woff","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:15.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/fonts/flexslider-icon.woff HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/Public/Static/bootstrap5Slide/flexslider.css\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 504\r\netag: \"66541f8f-1f8\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":504,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"b7f6c24fcd751e5a437f9a3700aa7074","sha1":"7462bb1e33a7a761363945ff31ff3e2b3a58c04e","sha256":"d7ee9daf35876b1fd867a1bff334dd0a2bf441f47b2cb3b8c4b7e33723d58678","sha512":"0af608e297389b14ff920bdc9335b777dd8314abe14da03627c62cf672b4218c47f7a91de98bd4e59e0b978c1f9ec1cb6ba2758542e51b0044b7972a486b8cfb","ssdeep":"","tlshash":"54f09e8340e14429111041302e9060054f4b7d8bdb5b4d0138afb1bbefc6a84c5635cc","first_seen":"2024-12-24T17:17:56.68958Z","last_seen":"2026-04-22T18:27:50.022568Z","times_seen":73,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":317,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_xrp","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:18.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_xrp HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=xrp"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:18 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":245,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3b6e65c76c37803729b711a85530ad99","sha1":"5f6c8912beca6fb749e778c37a46231deb68b754","sha256":"33b1c839f0e4225359101c9222ffb1292f11b7ab26b0e537769ec3a3c87b10a8","sha512":"a06ee5afcb60581ed0662c8027490717aa509ad13d2ee396c3689453e31abd0ab8653581aa2d9d8e0a29337740df7131124cebd9eca153a5bb42fbb1c925a946","ssdeep":"","tlshash":"fad097823f3d01241c23b3c2acd6236e380c8042c0d1030b2afe8e3c20ec20cb222c32","first_seen":"2026-04-22T18:26:39.718429Z","last_seen":"2026-04-22T18:27:50.03364Z","times_seen":2,"resource_available":false,"data":null}},"time_used":329,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":329,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/indexP.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/indexP.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 26 Jul 2023 14:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64c12e4a-27244\"\r\nexpires: Fri, 22 May 2026 18:26:05 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":160324,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 990 x 1320, 8-bit/color RGBA, non-interlaced","md5":"69a92f1afe2ba588733b9f91a0870957","sha1":"7f80a5d786fab18fe038f728f822204038f1103e","sha256":"e19e126f75a2c3520bf7633ab9ab5fb49e071f82d83a9465f9da46caa73c51ec","sha512":"b8ff35ef5972d3aa65e6c01fb3910846ac1ab6af43c70c16dcda9cd47cd31f99dadf49b3ace9fa3b6f6e129ad0a9771fcb7d42db3d8d448db9a81ed2ef1a2492","ssdeep":"3072:sHonhhgzVEoTBlYy+0LE8f+bKXrdytx0VWi5I1InamfLIq8UqLTRQLE6auxFvdt:sIwjTBdHAjsZy4VWi57fUkqLNaOuxft","tlshash":"70f312aba4b2f8381da3603195373fcb700b70171ae46aadc554ef9d7d5ae0685cc18e","first_seen":"2025-03-15T05:55:29.569873Z","last_seen":"2026-04-22T18:27:50.05152Z","times_seen":62,"resource_available":false,"data":null}},"time_used":595,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":595,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/new/3.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/new/3.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42496-2dfb8\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":188344,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"c12f13b61c3edfb632087956e12dd0c2","sha1":"dcb8553bc0b998f9b52d9bda68f7ac64f86c8fa6","sha256":"3b8f0c9dcbfcd1aec87b77a6447fb9175b84231b75f8e6e0393120e0187be13e","sha512":"55971e6fe584c23ba19783017e04403c3f861741dd00556b853a5572af6e44931ff9a310606b32bdb57b581c01408632cebedc745ae0a025de401bca9e8c72e2","ssdeep":"3072:/0hKygulsxe7wEQABIXUOCUWmLEbeZmeBLvsVNe/brFqRDZM6yYfJrKHwW5pbF8p:/0hN+e7wEQABIlWmLEbec2bb/brKK6rH","tlshash":"bc0412fd9221572ba244377c7a7cdd36e90561bdf89c28a10337b7944aa347278baf40","first_seen":"2025-08-19T12:54:30.85607Z","last_seen":"2026-04-22T18:27:50.109328Z","times_seen":5,"resource_available":false,"data":null}},"time_used":887,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":887,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/bsv.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/bsv.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536462-ed9\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3801,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"bc6293370eceaba626a50801c27fc3ba","sha1":"671be576385defa1b197fcdb40059172894a2f11","sha256":"b5681eb2f2e568333b59fce2ea981991cef95d07fc1efe6f3f51c883456f9139","sha512":"e9e824c8682cf5dec4dc4a60f7781ae67c382dfbdccc5fe684ad26f6dad123141b59f4d97becfc9f904dd0d3ec03113cc4b469246c26b59b63fd4eef3a7c44c9","ssdeep":"","tlshash":"e5716d3fa38192166b9cc8985f2ff9da5cc39289f384592a6e93114a1221255141ff9d","first_seen":"2024-10-23T13:33:33.473747Z","last_seen":"2026-04-22T18:27:50.06076Z","times_seen":260,"resource_available":false,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":876,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/dash.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/dash.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536462-e44\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3652,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"d9ae624ec75f54e7a472e706c50f6171","sha1":"8f1595d2790ab5212dad31ae8e825929abf4b90c","sha256":"b064ad396c5b7bc48b0a1c14743d779d468486fddfd41fee9a740f7a416f89b9","sha512":"9d887e629e815f75cea198674023d507e52245932594bff5be082e1b535fae19f4dcdf6c54cb72bef6bdcbac605df7deb0662b365213c498033693c62f798902","ssdeep":"","tlshash":"35716d29ad337c98fca805e1d283a01ac97b653ac04d9dd353ed753b404a058a7c768f","first_seen":"2024-10-23T13:33:33.371625Z","last_seen":"2026-04-22T18:27:50.104682Z","times_seen":222,"resource_available":false,"data":null}},"time_used":875,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":875,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_etc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_etc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=etc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"bdf0b75b9ff319bf6d1d6b3db0e511cf","sha1":"ee572fbba9f1bbf780fade5c816efe3a33299ad5","sha256":"d86e2aa1a89c41716f6abb9bd2a533b6ea764a4a5837f6bfca03e41816edb2f6","sha512":"31d2f15d224ed14cac162600b26f6d50246d228e61b2ee9fe66672eb5b5d0408ed9ed3037268d369f3d45cd0f6ae1297aaed0b2a939eb20050682845c433ad35","ssdeep":"","tlshash":"68d0a7e47b3884150c32e7d5a8d65b2e794e84468085d74a16bf8dbc055c10e372182a","first_seen":"2026-04-22T18:26:39.732238Z","last_seen":"2026-04-22T18:27:50.034858Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2557,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2557,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_btc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:15.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:15 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":245,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6ee9178b9c1f7827ea9c2b8f0e5ba5a5","sha1":"e1136e85a5f357429674344df62e6f02060ffe1b","sha256":"15a0672c1cf7edf09aa53f4b87d09e05a52e1398217bfebe65363731d23d00f2","sha512":"7c7a90d6cefe427505c6fc930807db02280be7436b49a81f526b9394aa0aade4c86a6a73bbb5d5b55a58501057176672149f25b08b8e2891edd9bdf378cbaec0","ssdeep":"","tlshash":"45d05eb02b3589351c73e7d1a4e92b6e184e05d3808602596afe8e6816a820c2113922","first_seen":"2026-04-22T18:26:39.687525Z","last_seen":"2026-04-22T18:26:39.687525Z","times_seen":1,"resource_available":false,"data":null}},"time_used":529,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":529,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_doge","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:22.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_doge HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=doge"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7e613f83333d3c0448ed7667bb965ee3","sha1":"4da33e2ad778e0e87e33eaff4a3093e05594b2cc","sha256":"34fcd5e86b4fd1450ad0c4272a4580d29e614f8bf4247b282ecace62ebfb704a","sha512":"8306a6bed7b772aea9a6c436e9eba376faaa09011ed979d57e2c006c57479ac4f9079733d8959c94cc8faf79a2d73aed7ddb8de8563b9b66764f462388b8ce89","ssdeep":"","tlshash":"54d095e43f3c05251ca1b3f26cee233f204d08828440470411ff4eb5506c72e3516831","first_seen":"2026-04-22T18:26:39.706949Z","last_seen":"2026-04-22T18:26:39.706949Z","times_seen":1,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":384,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/FIL.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/FIL.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 07 Nov 2022 05:50:05 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63689c8d-4879\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18553,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"41173f1fac2d8fe9fcf0285d0e7d6acd","sha1":"2262cedafbeddfe8d47ffbd2ac442b0b92e681fa","sha256":"25f2ced7253fac8937192733091dc789301446bb306bdda4e7814999d03dc692","sha512":"73354a1dab8eec7ae4d2ea5c65ae235c9b9fe2860806f1a4825284a6971a001754649f868c91bd9e29e4141e6ac8bbad092296439678b02a26e9d3463e0ea070","ssdeep":"384:ci7lfIt9MsjkET7AlZaxL9qiCH5cAWs0IMzz9zgDlV52smW7NZorx:lRfTstPSa9SDIzVgbkXWAN","tlshash":"c682e0aee2d37c184a5bcb144be634b26cd23e694b636c43703dc70c9e5481963a327b","first_seen":"2023-05-22T05:59:44Z","last_seen":"2026-04-22T18:27:50.066683Z","times_seen":315,"resource_available":false,"data":null}},"time_used":879,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":879,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/indexbg.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:06.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/indexbg.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 26 Jul 2023 14:31:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64c12e47-136a8\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":79528,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 3840 x 1200, 8-bit/color RGBA, non-interlaced","md5":"904e6661e9d634a8dfc9912271119428","sha1":"61935df66dfb1bd6dea41ac7e8aec64f28994a17","sha256":"666f335115a73061107ae4ae905e05a80401c6eb453d75bdc1b1adef925c0047","sha512":"cba2515d59a8b2cc91621deea0e1967ddb4b754caee9be1f0f2e9b00e81932a37861208b0d6af168457167993c7583c9aa5b225fa3956caa3548ca66c5a8f5d0","ssdeep":"1536:pkWb2/hO6MJ7TzqrNeDHvs7LW/X05tdmL/ZU/KQ:pko6szqrNeDHvs7LlLH/KQ","tlshash":"1673d0bd9e774ac8f87841be3a3f0f7576240d960840031653bafd71edaade98a424d4","first_seen":"2025-03-15T05:55:29.537323Z","last_seen":"2026-04-22T18:27:50.06279Z","times_seen":70,"resource_available":false,"data":null}},"time_used":2396,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2396,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/footer_bg.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:06.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/footer_bg.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94b7-119d3\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72147,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 557, 4-bit colormap, non-interlaced","md5":"562cc9b1820c0ccdf37b791052e55f53","sha1":"4be74f05976a4a9c7799afed24ce8bb23d5d7242","sha256":"130e1e871953055ac817d46049a5c056e37947749334d77bb1f4f775463d8759","sha512":"8f082c1a4aba14f2c86c1f9e670500075e9404443136b3a305a321e7a169b7fe71aa12306458e95efbb14f2cfc9916e845f086d6983e7996c3bea7e4b6784766","ssdeep":"1536:Zoy+yCtXmthvjqKfolFq/KBszk15nMrbrEdXA5aKSlAg952ucBXDvKqQ1:ZoyFEQh7sO/K5CEdXA8K4Ag952uIzyqY","tlshash":"2b63021728ae31e007319a3a52ed4a93e85e4fecf749ec161df1704fa294aca5c2617d","first_seen":"2024-10-23T13:33:33.49242Z","last_seen":"2026-04-22T18:27:50.043782Z","times_seen":406,"resource_available":false,"data":null}},"time_used":2390,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2390,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_fil","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_fil HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=fil"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":240,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6433aff1d2de71d326e54f44b92275b8","sha1":"1673caa883d80eaa2946acccd3ffba89a5cbc9c0","sha256":"43ca38e66ac9b2f23ef2c9a46b22cb392d4b5712fef6ef1ba3d1a4516c02f169","sha512":"778a8052d3c551ca8ac34be80d7ddee63b695dfe5489ac63f9d0ef173ca0d92762f57e37b93a1dce5f59626dd36c21cddfc5268db4076e5de616a399c7ceabb9","ssdeep":"","tlshash":"9ad0a7e03b7c49211da2a7e278d5672d68df094991805609a6fecd7900f951e3526922","first_seen":"2026-04-22T18:26:39.736244Z","last_seen":"2026-04-22T18:26:39.736244Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2550,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2550,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_eos","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:12.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eos HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eos"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:12 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"68ac40a84898f40747d958e0c0941c75","sha1":"a033ad6d2dddc4dcbabdf38740c1a8cd192dcf0d","sha256":"232ef71afd2e2d3a4a886bd164ac9ae400955e7f71505d3570e31635b2ecc00e","sha512":"0707d815ab13b1d6804fdee766d93c98b78e2ceddafbecda34f34372d1d689ada7e8777adf7264eb03a393dafa59e80ce9810cb74592580f0be1ac8ef4f453c2","ssdeep":"","tlshash":"ec70000002afa8a3028200288c0f000000ac28882ca080008c2822288a200028a00020","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:28:09.598884Z","times_seen":310,"resource_available":false,"data":null}},"time_used":2951,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2951,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_doge","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:17.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_doge HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=doge"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:17 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7e613f83333d3c0448ed7667bb965ee3","sha1":"4da33e2ad778e0e87e33eaff4a3093e05594b2cc","sha256":"34fcd5e86b4fd1450ad0c4272a4580d29e614f8bf4247b282ecace62ebfb704a","sha512":"8306a6bed7b772aea9a6c436e9eba376faaa09011ed979d57e2c006c57479ac4f9079733d8959c94cc8faf79a2d73aed7ddb8de8563b9b66764f462388b8ce89","ssdeep":"","tlshash":"54d095e43f3c05251ca1b3f26cee233f204d08828440470411ff4eb5506c72e3516831","first_seen":"2026-04-22T18:26:39.706949Z","last_seen":"2026-04-22T18:26:39.706949Z","times_seen":1,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/light.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/light.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 06:29:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a419da-2936\"\r\nexpires: Fri, 22 May 2026 18:26:05 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10550,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 640 x 160, 8-bit/color RGBA, non-interlaced","md5":"93c7d8d11904f47c8478c2b7aff26267","sha1":"35af911036ef86b98d2d8933e2a0da8e806ce3da","sha256":"164be01dc3565dd768189c09d39867b3959cdf82c1701dd20dfbb64184f6e123","sha512":"23f202f8225d4e808ae2e4eac1a2c97aa786dfb6c3e8019b3c4b65256d8003cf291abbc234b178f38f482b1d18c3987a73b63e948b94ccc2fb245f406bfb7d99","ssdeep":"192:27ya7vsjNA9tp7Eg4A9uKieQ2Uch2i+l5U3Z8dzpsSgFlgmLFuR8o38ACS4BvG8R:tavJ9BiGeTbdzplgFl/FYMi4BvhR","tlshash":"e422b0d10571f910af9beaf3fa849f473c23c692f2e840f8e401ceac515ae09057652a","first_seen":"2025-08-19T12:54:30.851325Z","last_seen":"2026-04-22T18:27:50.053676Z","times_seen":11,"resource_available":false,"data":null}},"time_used":570,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":570,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Home/static/js/layer/skin/layer.css","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Home/static/js/layer/skin/layer.css HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-36e0\"\r\nexpires: Thu, 23 Apr 2026 06:26:07 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14048,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (13967), with CRLF line terminators","md5":"1673a003559ea1607dd77e6467a4baed","sha1":"954f4afa17e3d1c057101e62950f6c9506245550","sha256":"9748f440829e0b76d70f344e9c989f6d2302eba81aeea03211d40ef5f29fe62a","sha512":"5f9b8254fe18cdc329ca87a4852b7cb5520dcf3c406c5b3d755e99d0e7ddd618cd5ca2b455868ae14d896431cea2252b60d79d5fdd9e404a1fb8685a05ceb955","ssdeep":"192:9OcW0PmLeWVNrzztBm0T9zBKgwBnsY5Cb+RX:9PW0ijV1JbTyGY5CGX","tlshash":"1c5202e144811299b0278611d6dcbeba32f88d53e5630dbef2573c1f874c6dba2b6247","first_seen":"2025-04-07T11:37:37.344268Z","last_seen":"2026-04-22T18:28:09.609875Z","times_seen":3191,"resource_available":false,"data":null}},"time_used":2821,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2821,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_doge","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:12.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_doge HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=doge"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:12 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7e613f83333d3c0448ed7667bb965ee3","sha1":"4da33e2ad778e0e87e33eaff4a3093e05594b2cc","sha256":"34fcd5e86b4fd1450ad0c4272a4580d29e614f8bf4247b282ecace62ebfb704a","sha512":"8306a6bed7b772aea9a6c436e9eba376faaa09011ed979d57e2c006c57479ac4f9079733d8959c94cc8faf79a2d73aed7ddb8de8563b9b66764f462388b8ce89","ssdeep":"","tlshash":"54d095e43f3c05251ca1b3f26cee233f204d08828440470411ff4eb5506c72e3516831","first_seen":"2026-04-22T18:26:39.706949Z","last_seen":"2026-04-22T18:26:39.706949Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2961,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2961,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/05.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/05.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94ac-1909\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6409,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 166 x 166, 8-bit/color RGBA, non-interlaced","md5":"e002b0ae266b131f28f491204c9dd839","sha1":"77dae3fb93ddd56d003a0b6d57b4c57dfa6f48fc","sha256":"052368ff965c4c65e69ddc97c452d04b0f220a8309607ea1d7249c89a9d80ffc","sha512":"3670da28afed6d7a8bb27a2beafb51858626e7895ddd87b416dc0b3860cec91fc11bd0f727450f7518056a5d6a90aa51edd62fdb6559cbe1337161483ad17ff4","ssdeep":"96:7eeJGUxxQWBGmerw7+xzUPvZRdwSChV7dCBBrvy89EJlZ0RJAp87ay9:7ZZxtKrC+xz+RKBhHKFvTWJkReC7aG","tlshash":"ddd19dc667ad7a5f5e112a1b6c12da8ac0aff1b1a932843ab43e590bc5a6010e0bd745","first_seen":"2025-03-15T05:55:29.560362Z","last_seen":"2026-04-22T18:27:50.080213Z","times_seen":67,"resource_available":false,"data":null}},"time_used":872,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":872,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_bch","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:21.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_bch HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=bch"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:21 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":234,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"04533e9fa91402eb0fbb9554a9fd83c3","sha1":"39ac5a520ba0ff696d2d85763568b52819059bc9","sha256":"c6a69abbf94321670fe4466b2c79745211003c5a66fcfc3e68f6e2241085079f","sha512":"09f8ada64fff42c1f29945f1dacea1696c80c2f73347ea37b38d6ca9805744c3d91aee6631a5291ebaebb9fdd10df374400d536496ab451a344a5b468b9eec89","ssdeep":"","tlshash":"09d0a7d02e3d48a50e33a3c1b8e93f6d68cf408596c64608aafdcf64189c31c3b13c22","first_seen":"2026-04-22T18:26:39.742555Z","last_seen":"2026-04-22T18:26:39.742555Z","times_seen":1,"resource_available":false,"data":null}},"time_used":334,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":334,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_eos","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:22.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eos HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eos"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"68ac40a84898f40747d958e0c0941c75","sha1":"a033ad6d2dddc4dcbabdf38740c1a8cd192dcf0d","sha256":"232ef71afd2e2d3a4a886bd164ac9ae400955e7f71505d3570e31635b2ecc00e","sha512":"0707d815ab13b1d6804fdee766d93c98b78e2ceddafbecda34f34372d1d689ada7e8777adf7264eb03a393dafa59e80ce9810cb74592580f0be1ac8ef4f453c2","ssdeep":"","tlshash":"ec70000002afa8a3028200288c0f000000ac28882ca080008c2822288a200028a00020","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:28:09.598884Z","times_seen":310,"resource_available":false,"data":null}},"time_used":339,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":339,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/new/5.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/new/5.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42495-15c11\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":89105,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"ca97cdbe6830a8b6faa6356525070edd","sha1":"81ef9103cf75b4f521ce353e23fd038e76e1e375","sha256":"0f2c40d8f0961e778fb76d0d573e41e5807bcf525be9a983ab6d27db9df8c33e","sha512":"11c3d7be0df39fa37d722cb9065bcb436d9028aec7d3ec96d01a20111e3dfe15d7641d6d89bd94dd290354867b5765e53b43a04db63be1808ce3ac2dc4c577c0","ssdeep":"1536:WUt9qGQoTeitkXjyxbdKY063z4evhLagpq6+OASj0na47h22Swqb:V9rdtEgxKY0FmhJZ4tQPb","tlshash":"f593010578a0d527da56333e6e1cd1806b80d4e2562fce1d6a3bfbd08ecd1bd5e90687","first_seen":"2025-08-19T12:54:30.895691Z","last_seen":"2026-04-22T18:27:50.086112Z","times_seen":6,"resource_available":false,"data":null}},"time_used":885,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":885,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_aave","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_aave HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=aave"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":243,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c48ba16e921deae9f54155cdc445d81d","sha1":"cc6c41568d61da8d1cac53381c948cdfe9dddb06","sha256":"05d00ea92fedc44d8cadfe1398bf74ed9976dad707d2dad916a8de561e3287a7","sha512":"752903721227f7c651acfbe6f1df8f2f581faf36a4cc603bbb1572ab2dec2f39d278ff3a76c5363df7070b398c56fc243a6304a5aab4953568aa889993c7b3fb","ssdeep":"","tlshash":"74d05ee87f370a1a29b257d275f91f692c5e94428085820e5fbeca71267db09b109c12","first_seen":"2026-04-22T18:26:39.751407Z","last_seen":"2026-04-22T18:27:50.049535Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2550,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2550,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_trx","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_trx HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=trx"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":246,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"f9116ab10ba136bd6498518a42658cb7","sha1":"9b554bc7f41ed99a8f4088350e1ed0ae0e6ad844","sha256":"c01fa40e8aa6749fa087b353da3d1a7466d7e17a9fafcae5a0e17a7fa56c811a","sha512":"dd010c1e8eb126a86bfd979f565559eab820b305456cf7e3c43d0e785c5f407af80039e535a46ad4b90877435e79d2403a34a675f94d6108d8f4ffb17f81f515","ssdeep":"","tlshash":"f8d05eb03e3d49111823e7f1b8da279ea8ae448280c1020d26be8e7c159861d3722936","first_seen":"2026-04-22T18:26:39.755425Z","last_seen":"2026-04-22T18:26:39.755425Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2542,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2542,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/new/1.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/new/1.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42495-2c9e6\"\r\nexpires: Fri, 22 May 2026 18:26:05 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":182758,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"d6edaabf7cc4eaee8b42ffb6096d45e4","sha1":"7c05196cc41fa42552dd635ec828e253742bc4a9","sha256":"d50fa7953c5ad30e42a9e9fd44b9ddf1222ea52646ab6251ea0de841f57c1122","sha512":"4e1f5b9012d8c3d98579158677e054610e3ca1123f7ba937325b85bc7fd03f820cb2f1fb84ab9b4b0ad54a4081bae7a496112efdf15b3bdeb830db421f809d49","ssdeep":"3072:oF608QzKuOSgaNYOlyJCJa+Yf2K3rjRcDiYtldI5tmAEkBUwCxe2i8Zv:o41QeuCROleCJahjutldI5tmwpCxaO","tlshash":"ba042351f5ce24a28642c050cf0979bfb72cbb131fe62618ec4999918bffc5e314ab58","first_seen":"2025-08-19T12:54:30.835112Z","last_seen":"2026-04-22T18:27:50.088747Z","times_seen":5,"resource_available":false,"data":null}},"time_used":887,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":887,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/03.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/03.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94a8-1a9a\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6810,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 166 x 166, 8-bit/color RGBA, non-interlaced","md5":"56cbeed439c47886d857bf2c36468714","sha1":"f1085c8cf5686c184ecfd383788b38aab1428a42","sha256":"9e57dec64abf89817fab6d672b352f9c281a42cc0ebe50810d2e550135eb59b3","sha512":"1080479fd7faad224f868223a8e1d257b95f0cce824ff4c88fd3050f3d6b38a54efc9f5f459dede1ea14cf7c1608bb66f71dbc30fddd9f0b0e7c391100f8ef9c","ssdeep":"192:mN4ScWnJjgwGAdnWrQA11CSTttFqU2fOk0tk:AvlnJkXUnWr/ttMUEO+","tlshash":"6fe19eff5bde6dd54e3a18aa4d6020cbb88e80285b10c90a834e4149d3c3ce08e299d4","first_seen":"2025-03-15T05:55:29.570582Z","last_seen":"2026-04-22T18:27:50.110229Z","times_seen":67,"resource_available":false,"data":null}},"time_used":873,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":873,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_bch","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:14.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_bch HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=bch"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:14 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":234,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"04533e9fa91402eb0fbb9554a9fd83c3","sha1":"39ac5a520ba0ff696d2d85763568b52819059bc9","sha256":"c6a69abbf94321670fe4466b2c79745211003c5a66fcfc3e68f6e2241085079f","sha512":"09f8ada64fff42c1f29945f1dacea1696c80c2f73347ea37b38d6ca9805744c3d91aee6631a5291ebaebb9fdd10df374400d536496ab451a344a5b468b9eec89","ssdeep":"","tlshash":"09d0a7d02e3d48a50e33a3c1b8e93f6d68cf408596c64608aafdcf64189c31c3b13c22","first_seen":"2026-04-22T18:26:39.742555Z","last_seen":"2026-04-22T18:26:39.742555Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1529,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1529,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_ltc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:16.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_ltc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=ltc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:16 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":234,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a9f56a89656481c98556476285024e2e","sha1":"3024d480dd4e8c55b56174870270fd21f67208bf","sha256":"b436f1118d857a49e41f078aa19e49a0cc796010513808ef1b71cd2bf26f4233","sha512":"6ae2ad52510824405883304167c7ca770309678cc8a29f24c2f2e52a6a5bf092472c47acfe6b57e0df5a02c3c04d138c49ff10e9a98afb3d41952b08acba7d57","ssdeep":"","tlshash":"e6d0a7a07f3815350c31b7d19ae6271e5c4d8947e48c034957bfcf68106d50e3e26c26","first_seen":"2026-04-22T18:26:39.768349Z","last_seen":"2026-04-22T18:26:39.768349Z","times_seen":1,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":347,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.3.0/font/bootstrap-icons.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.3.0/font/bootstrap-icons.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 8018\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.3.0\r\nx-jsd-version-type: version\r\netag: W/\"edbb-Du3MPQ7GnRobCfGvnAP4Uqb5QVI\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220103-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 3081075\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rMCKOeluKb0A7LMBnoU%2B6FHds5UZIzvG5RTMjn%2F80hnCEwNLVLaRPC2CZR1sNdlv%2FcICxWJv1mkE3Z1jt7AMzjM1uudf2ONXJjfjcFnz8RF%2FiBrGXrIicWOAfjD%2BiT58rSc%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9f06acc1684db4f1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60859,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"dbf1248779dc682a91ba529b5efe0ffc","sha1":"0eedcc3d0ec69d1a1b09f1af9c03f852a6f94152","sha256":"32cc4a47b370e278072a6440249872e681efa1d992600420c03a9631da885d70","sha512":"2e96320bb785273c91c136a4aba02268e2c9ebcc92998c24160331ec14f0f902132d21f4ac4cb130771dd20758bef407d589b1f8e3175796622edb162a517098","ssdeep":"384:vaqJVm8OAL1M+hQokEYm47U7yH2CYEjOnm4zH7fZ6aXoso1v/:Sqnm8OAL1Mzocm4KyH2CYEjOnm874soh","tlshash":"2c53cebad18f05f59341e4d92743674293a9ba7ce1817c7ad342399ee3c06188ad73ec","first_seen":"2023-04-05T06:29:21Z","last_seen":"2026-04-22T18:28:09.601426Z","times_seen":14838,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":8,"receive":1,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_dot","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_dot HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=dot"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":241,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"19b2ac8c8e44adcf21c876c55a77e339","sha1":"3ba48e032709efe49cff33e8b8dc80def367fe29","sha256":"47e813bbcbadffe782369c4a51818b0c91a17e338983def17ceb89f72376c8eb","sha512":"dc145ed06e40a5b050da5d1834f2f07461f090f1e333a8941e7e0603e0dae75a366efb36a60da8e2f5dadef85c76950b163d8b20987ddfa4dd58dce4a0d4d597","ssdeep":"","tlshash":"c3d05ea03e3d08194cb2f3c1a8e62bae384e44568080424916ee4f7d619ca287226826","first_seen":"2026-04-22T18:26:39.77033Z","last_seen":"2026-04-22T18:26:39.77033Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2528,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2528,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/bootstrap5Slide/style.css","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/style.css HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: text/css\r\ncontent-length: 589\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\netag: \"62c3214c-24d\"\r\nexpires: Thu, 23 Apr 2026 06:26:05 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":589,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (589), with no line terminators","md5":"df62cb99d119a66bcd5f06547d96ecb7","sha1":"a6d0e097db0919f47977c33510359bc08ec88a9c","sha256":"afca52e1c0203f27bf8165e8fcf92b2674f084f6372f12cc1e7bb3edaee35f03","sha512":"59d599c3a25a64cfae94e1b2f1328abffb199a503c0e8904a3e4a574c101cb6b72d09e94a7b2afaa3f8cbd1a55b92cb2b2bdc33b528ee6c953d30fa3b622cf0f","ssdeep":"","tlshash":"a2f07f42b71a596e5d872300a9d213abf10c7f319709097992f3211d8f29a85237df4e","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:27:50.026033Z","times_seen":6089,"resource_available":false,"data":null}},"time_used":567,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":567,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/LTC.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/LTC.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ac-c3b\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3131,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"84781027c925a2d375db76b3d8ca9f3a","sha1":"7c5ae250e9e462c030e465d931744015af21d357","sha256":"03b779d3a4dad6d2c4fdcc972695892cf8d308facc05ed8bcd194cab0fc5210b","sha512":"b2ba2c600ee1942df7ac64e5dbf161f0e209fd2f008236963756ed797c463d1a15045d5d5f722f7929cd3c7496cea60a99191039eb141da3bdd8e2b465a23699","ssdeep":"","tlshash":"e5515cdaf30c1aa93ef410be4686030e4ea35d5a99e8d05800c70d77f494989ac7fb0d","first_seen":"2023-05-28T01:03:43Z","last_seen":"2026-04-22T18:27:50.047634Z","times_seen":333,"resource_available":false,"data":null}},"time_used":881,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":881,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_uni","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_uni HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=uni"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":254,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"32fc8fa0ac8cc9ca58e71bc59629044c","sha1":"987e3e38a68f71518ca22387d295b06d795a4864","sha256":"28e890a7854fc1a799b3a62d69827a1562cedcaacbc760fa74aeeafe7ad0a13b","sha512":"25514be7cd7cf0c5ab9991ad7bc060ca391bc4e0ceb92bab3e192eee2d9de7b8fcc2986cacfbe9aa274f27cc3029581cee3e71b8496ad56965dadbb493935a30","ssdeep":"","tlshash":"72d05ef46d39052545726fe27cfa267ea84c8c62c08157066aaecba12968119b05681e","first_seen":"2026-04-22T18:26:39.772904Z","last_seen":"2026-04-22T18:27:50.057761Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2547,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2547,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_eos","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eos HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eos"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"68ac40a84898f40747d958e0c0941c75","sha1":"a033ad6d2dddc4dcbabdf38740c1a8cd192dcf0d","sha256":"232ef71afd2e2d3a4a886bd164ac9ae400955e7f71505d3570e31635b2ecc00e","sha512":"0707d815ab13b1d6804fdee766d93c98b78e2ceddafbecda34f34372d1d689ada7e8777adf7264eb03a393dafa59e80ce9810cb74592580f0be1ac8ef4f453c2","ssdeep":"","tlshash":"ec70000002afa8a3028200288c0f000000ac28882ca080008c2822288a200028a00020","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:28:09.598884Z","times_seen":310,"resource_available":false,"data":null}},"time_used":2530,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2530,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/bootstrap5Slide/fonts/flexslider-icon.ttf","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:16.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/fonts/flexslider-icon.ttf HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/Public/Static/bootstrap5Slide/flexslider.css\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 504\r\netag: \"66541f8f-1f8\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":504,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"b7f6c24fcd751e5a437f9a3700aa7074","sha1":"7462bb1e33a7a761363945ff31ff3e2b3a58c04e","sha256":"d7ee9daf35876b1fd867a1bff334dd0a2bf441f47b2cb3b8c4b7e33723d58678","sha512":"0af608e297389b14ff920bdc9335b777dd8314abe14da03627c62cf672b4218c47f7a91de98bd4e59e0b978c1f9ec1cb6ba2758542e51b0044b7972a486b8cfb","ssdeep":"","tlshash":"54f09e8340e14429111041302e9060054f4b7d8bdb5b4d0138afb1bbefc6a84c5635cc","first_seen":"2024-12-24T17:17:56.68958Z","last_seen":"2026-04-22T18:27:50.022568Z","times_seen":73,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":316,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Home/static/imgs/hot-2.svg","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Home/static/imgs/hot-2.svg HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-1ade\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6878,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"dd9279cfb541640afabd1d33527f1df4","sha1":"6d828472cfaa863044b92e5c884ea8d658df4d36","sha256":"6466ed8936ba729058d7e2ae3bc93a7d8f3fb8ec385d7e3c29f21968cbd5aaef","sha512":"53a3ddf98f9ea97b18e73e5ca308a452a16142e672dcf3d1c86e61cc83e94729651eb41301bc902cc2510178e0c708fb5b66f3bf1e4ccde0fcf5f61aff77fcf5","ssdeep":"96:QRslJ3A7/H2wd9Qci3A7/H2wd9Qccra97a9tx+duKNBBbNwKDNlUs7vkSqD:QWS/Zd9z/Zd9ia97a9tKblLs","tlshash":"96e197f7e1b8b993d246c771ed52485528aa84fbeb810391c2e8ff9a6135cc04c4edd4","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:50.076028Z","times_seen":5036,"resource_available":false,"data":null}},"time_used":570,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":570,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_comp","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_comp HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=comp"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:08 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":233,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6baa8037d895d65b3419174d700f5867","sha1":"8debd0b6e74b2f96f4ea9b476cf499360286997f","sha256":"cdd0ea79b9a1043780a1e55b39007fa3f5e891daf24ac9388accf5b1d7432a69","sha512":"a5cc44452acb00af580568650992c1f3e18ffe02de655893a9d38bfc7df86879cef0bd079b35de72bebc2941c39d91902d004f67441feab4a2a63bd0f8efdae5","ssdeep":"","tlshash":"bad0a7d56a3904250c21abd1acd9173d148e9543da48874a17fe8eb9902c60d3a2392b","first_seen":"2026-04-22T18:26:39.774724Z","last_seen":"2026-04-22T18:26:39.774724Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2546,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2546,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_ada","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_ada HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=ada"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d70de3ebc511067668c21e22729d54c7","sha1":"2d5e0ad28ebc25155e2d7033c0122fb55ad2a91d","sha256":"ed958370dadd6fb6a1f0abf9209dec4e49b8e4f3925c0df17ad93ef238ab17ed","sha512":"2b4e6b60e232fa3df86629cdc1ce8526c8c34e3c40e21b81cd05ec042a770a76c570c4f9efe15a2b76f8bf448a5d72c9d27cbb416dc2252876be8538923fac00","ssdeep":"","tlshash":"63d097843f3888a11c32bfd0f8ca1b2de88d048dc0ca27091efece34646830d323281a","first_seen":"2026-04-22T18:26:39.776188Z","last_seen":"2026-04-22T18:26:39.776188Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2530,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2530,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_btc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:09.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:09 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":245,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6ee9178b9c1f7827ea9c2b8f0e5ba5a5","sha1":"e1136e85a5f357429674344df62e6f02060ffe1b","sha256":"15a0672c1cf7edf09aa53f4b87d09e05a52e1398217bfebe65363731d23d00f2","sha512":"7c7a90d6cefe427505c6fc930807db02280be7436b49a81f526b9394aa0aade4c86a6a73bbb5d5b55a58501057176672149f25b08b8e2891edd9bdf378cbaec0","ssdeep":"","tlshash":"45d05eb02b3589351c73e7d1a4e92b6e184e05d3808602596afe8e6816a820c2113922","first_seen":"2026-04-22T18:26:39.687525Z","last_seen":"2026-04-22T18:26:39.687525Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3412,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3412,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_eth","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:10.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eth HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eth"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:10 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":247,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"39fccf1e9d86ce86ddc222f72c3e80eb","sha1":"eca88aed791de7e5971fdd4049f4581371684cfd","sha256":"fe96bd22f6bad84f1964448bd24ca04cd0f7f1d8e7078473836a2c365f6f0fc7","sha512":"e42adfd50270302d54f0b7bf80dcc43391b011368c4c957f0a9d10c4566d1164a2c93fcce946aeb6ae3316cf58a74a1a9c1c9801f58baa4817293dd71fcce81e","ssdeep":"","tlshash":"5cd02ea8af3908180c22b3d1a2c40a2e248c10c5c8860309aafd8fab162820c3a12c22","first_seen":"2026-04-22T18:26:39.777552Z","last_seen":"2026-04-22T18:26:39.777552Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2414,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2414,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_etc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:20.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_etc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=etc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:20 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":232,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"bdf0b75b9ff319bf6d1d6b3db0e511cf","sha1":"ee572fbba9f1bbf780fade5c816efe3a33299ad5","sha256":"d86e2aa1a89c41716f6abb9bd2a533b6ea764a4a5837f6bfca03e41816edb2f6","sha512":"31d2f15d224ed14cac162600b26f6d50246d228e61b2ee9fe66672eb5b5d0408ed9ed3037268d369f3d45cd0f6ae1297aaed0b2a939eb20050682845c433ad35","ssdeep":"","tlshash":"68d0a7e47b3884150c32e7d5a8d65b2e794e84468085d74a16bf8dbc055c10e372182a","first_seen":"2026-04-22T18:26:39.732238Z","last_seen":"2026-04-22T18:27:50.034858Z","times_seen":2,"resource_available":false,"data":null}},"time_used":333,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":333,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T18:26:03.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: text/html; charset=utf8mb4\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\ncache-control: private\r\nx-powered-by: ThinkPHP\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ThinkPHP","description":"ThinkPHP is an open-source PHP framework with MVC structure developed and maintained by Shanghai Topthink Company.","website":"https://www.thinkphp.cn","common_platform_enumeration":"cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*","icon":"ThinkPHP.png","categories":["Web frameworks"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:2.0.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:4.5.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"FlexSlider","description":"FlexSlider is a free jQuery slider plugin.","website":"https://woocommerce.com/flexslider/","common_platform_enumeration":"","icon":"FlexSlider.png","categories":["Widgets"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":98142,"size_decoded":0,"mime_type":"text/html; charset=utf8mb4","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1018), with LF, NEL line terminators","md5":"49247c607df722d5630e95ce01094919","sha1":"45cc25e45234a723d3f8ca56b313e06eb89aec4a","sha256":"1cc1a6c4b9a6d7e501678cfcac31fae8d8176e44869619104ec4f41d981b00c9","sha512":"e519eb600dd60813c30e7f59e0cc4ae1629cb0a8ba7bb475c10a326bc6eb874548a09b75cd1f2356856a55bcc5dfde5473c810ab22fd8c8b591be6c57d26ded3","ssdeep":"768:NzXSBFbbFGFAtlr8We5sAdqBkiwESRqDlZA/zO/jRAalv/dBYHAY5KYgrY6d5JUn:dKdbM8wwFLpn8+jg4hD+zbd4a","tlshash":"92a39624b7ef0029345360409f75265630faa633ca0ac425bbbc2d917fcd94d6977aee","first_seen":"2026-04-22T18:26:39.778956Z","last_seen":"2026-04-22T18:27:50.075114Z","times_seen":2,"resource_available":true,"data":null}},"time_used":2800,"timings":{"blocked":1116,"dns":537,"connect":284,"send":0,"wait":568,"receive":0,"ssl":291},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/bootstrap5Slide/bootstrap.bundle.min.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/bootstrap.bundle.min.js HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-1339c\"\r\nexpires: Thu, 23 Apr 2026 06:26:06 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78748,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"8831aa095cdec88f66c2e46c339cf352","sha1":"5db4c40dbc6bd3d9623ee98a2061dd265885cf2e","sha256":"79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9","sha512":"b07f093e128951e03d3d693778e70e97c53e95f65382d0570f8d6ae9c3bfb25c311870b129c5b8e4ae283c25211c6ecd301e266ca11d75598fb935eda5b09b14","ssdeep":"1536:GaPTJR2t4PqiiyuL5FehgTr1voCBZx6wVlLBkS:4OANBZVV5","tlshash":"0f73c5493254b87309ee15a68037460bf7256d94b14b802cb5bdacde2b3dc8672b7f78","first_seen":"2023-03-07T01:34:42Z","last_seen":"2026-04-22T18:27:50.069436Z","times_seen":7517,"resource_available":true,"data":null}},"time_used":1398,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1398,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_chz","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_chz HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=chz"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":253,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"cd1711242c96525723701a9a6f5c574f","sha1":"b84d1fba3b84ad47e3450a00e9afcea34aa5e771","sha256":"56dd7635e0c4719b116011db0cedbdea5e42015db406019f574cace3f338cb57","sha512":"674ae80243d290ca3867bad482052488864174bca43f794370c9d4351821e44b387b746ff2833af400cd2b0b151723a8cb70d3fcf966f04b7c794ece59e2366b","ssdeep":"","tlshash":"03d05be43a34451618b16bd26cf5176564dc8450818556069afdcb211d6e1093216c12","first_seen":"2026-04-22T18:26:39.780984Z","last_seen":"2026-04-22T18:26:39.780984Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2547,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2547,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/new/banner4-1.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/new/banner4-1.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 173\r\nlast-modified: Mon, 08 May 2023 15:51:41 GMT\r\netag: \"64591a8d-ad\"\r\nexpires: Fri, 22 May 2026 18:26:05 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":173,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 6 x 33, 8-bit/color RGBA, non-interlaced","md5":"2653e42945c988adf2aab6f7e3289324","sha1":"39608eaf1689a30b10b9a9001ed5c70e88c8c39a","sha256":"7335286ca733e4efee02592ac0c458e4adfd116cfe1002147872a3086bcda75c","sha512":"00ee308a13377e81e585563f05301176385199aedcccca22906e5a3453dcb7cc531512a608e2d0cbb0e838a1515257c1275c184279d4335d659df50834486138","ssdeep":"","tlshash":"a2c0c0c941f0647fe04c002b260202c45cb70b6c0412080c04962420e1039c06489087","first_seen":"2025-03-15T05:55:29.528948Z","last_seen":"2026-04-22T18:27:50.056083Z","times_seen":72,"resource_available":false,"data":null}},"time_used":570,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":570,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/ETC.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/ETC.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ab-a5d\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2653,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"15826e5fb164bf4513d121f8c6e7c5e3","sha1":"80f6393cc2db82bbf1b7fd6a941d2e4113815a02","sha256":"f8a590615ba750a27e905a047173734c8b0c58848566adfc54d4b4bfa2d431de","sha512":"7699c10a056fdca26c633f039462370271929b5ed33a414430c93b054935c30d0bef37ee244a445e5f5cccabd4c871f8f33fef2d4e6e0e3561e4a28a06bb419c","ssdeep":"","tlshash":"24514c7ec0d3d8708c54107e5bdd8d8e9128816c339f9d48b1d49b164b0319e687e149","first_seen":"2023-05-31T10:27:17Z","last_seen":"2026-04-22T18:27:50.011982Z","times_seen":481,"resource_available":false,"data":null}},"time_used":880,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":880,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/01.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/01.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:29:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94bf-1a42\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6722,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 166 x 166, 8-bit/color RGBA, non-interlaced","md5":"11d9836d37472e8a23062fb4228d1802","sha1":"9ce4083635466ffc6913a39f28c54d27613be700","sha256":"9d74621b1ec2fdc911ae973cdafb756b385c7cff75f93b568cc3ac6f73e30e63","sha512":"ff94ad35cae4a83a518acf4e97241ccee8e9494801051e7e2d0d814f79dce52c34791bb7044d390b589f8207560b3a972c81397284bb11b09ebe876a761b0733","ssdeep":"192:9YJ+hpu52rEFt1XZ3TIbo78Xwp9mt9bXL:9cYpu52rKhj8Xd","tlshash":"bbd19ef7eb7490f1c58841e96c78b82828cacbaa7d5a80604f385d556c019f2c0af46a","first_seen":"2025-03-15T05:55:29.562133Z","last_seen":"2026-04-22T18:27:50.031684Z","times_seen":67,"resource_available":false,"data":null}},"time_used":874,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":874,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_bsv","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_bsv HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=bsv"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:08 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":246,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"98cc640b5e3c3aa03d51ce322381997b","sha1":"fd4df9910f05d057bb0f86d0540d78321d1255cc","sha256":"6528eb584b0d5ab5ebc4dfb061dd5e03009006e63331f871ffdc7ddb5b519c40","sha512":"cd2399a035590d900f73148372c4fbdf8f637151c049d8295602e7c49b8a5899132c34871971791cbb0783f5142ce25fff0cfee3709c32a6e04bdad07af7f909","ssdeep":"","tlshash":"01d02ee03e30801202a2afd2a8e62a6e389c8001d080070096bedb202aed40cb782c26","first_seen":"2026-04-22T18:26:39.78606Z","last_seen":"2026-04-22T18:26:39.78606Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2539,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2539,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/BCH.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/BCH.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3aa-e86\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3718,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"ceb22af48692db74ae22f6892bd8cc7d","sha1":"a169f22c6828df50428b9c044ccd8f92834c122e","sha256":"1ba1c59bbd92737d720f5d5df59d2674830fe6c09deb757e23540dccecb5310a","sha512":"22d0b05dcb30a9fdd4554da487b9558fe945d89e0c969a932f07fe783e06449cfc5b8e5c15d9839e8ab0a46377b3e55a71263b6afac7a586aeb04f2bbac2c1c6","ssdeep":"","tlshash":"14717ed19717ea53fa27439331241f3759afc6950e902580879292d51215ac711962ac","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-04-22T18:27:50.017817Z","times_seen":362,"resource_available":false,"data":null}},"time_used":882,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":882,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Home/static/js/layer/layer.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Home/static/js/layer/layer.js HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-4d83\"\r\nexpires: Thu, 23 Apr 2026 06:26:06 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19843,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (19752)","md5":"666f4437565d197e9459e19a29f58315","sha1":"afc5c0a1369137e52b37ad5fb63f48202ce31368","sha256":"4a49651ad86a83ecbd9c2ad34e7f5c906b46ae2c4c93c1c8585148f936b7e100","sha512":"1e659ff6c47458dbbaf7e7561402c12441286c255ddec048bf654388e8666a9ceca344e166657c29fce4a08b46470b44c47e8f1c6f577adc2a4e4f4f0e7e1e90","ssdeep":"384:DQ8cuj0z4VfS7ShA3BMJOoM6bs7hwI9b4Zrxy:DQtu8CfS793QODbcI","tlshash":"5f92c85ab5503593216390a9911fa90f30f24d22eb078958f16bf1fd1ebcda562b3f0b","first_seen":"2023-04-11T09:52:52Z","last_seen":"2026-04-22T18:28:09.608149Z","times_seen":13302,"resource_available":true,"data":null}},"time_used":1399,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1399,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_btc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:13.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:13 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":245,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6ee9178b9c1f7827ea9c2b8f0e5ba5a5","sha1":"e1136e85a5f357429674344df62e6f02060ffe1b","sha256":"15a0672c1cf7edf09aa53f4b87d09e05a52e1398217bfebe65363731d23d00f2","sha512":"7c7a90d6cefe427505c6fc930807db02280be7436b49a81f526b9394aa0aade4c86a6a73bbb5d5b55a58501057176672149f25b08b8e2891edd9bdf378cbaec0","ssdeep":"","tlshash":"45d05eb02b3589351c73e7d1a4e92b6e184e05d3808602596afe8e6816a820c2113922","first_seen":"2026-04-22T18:26:39.687525Z","last_seen":"2026-04-22T18:26:39.687525Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2527,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2527,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/UMA.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/UMA.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ad-64a\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1610,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"86655dc1b940596005b726a83c1a777a","sha1":"8abcf0da5e278a567bc8abf65e34e41df4ec8505","sha256":"0954534406237d03692e20018a64b2e116795e70d2384f0d72d2df6617950768","sha512":"b60de2aa619eefe70375f04ecd2b912fb002118ca17119434e47f1272bd79c005325b17fa53c88b14bf1b28c2bef188620762b9756216ce1d6da66ba931c0caf","ssdeep":"","tlshash":"1931e7c3a908b05f14e24e1016dbd8c7f52be8530b166c60ac07b99f6edfd84a2bcb45","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-04-22T18:27:50.018922Z","times_seen":317,"resource_available":false,"data":null}},"time_used":878,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":878,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/bootstrap5Slide/scripts.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/scripts.js HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 298\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\netag: \"62c3214c-12a\"\r\nexpires: Thu, 23 Apr 2026 06:26:06 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":298,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"48477ea73f8709a6c29d7cde0cc83e55","sha1":"5dc30fab107725dd71ab343d70b9e6267ea68cf1","sha256":"fd67e1f083236a6c171d2275401174ea62a6f24fc81193d55653080a236a209a","sha512":"0932287b99d7c96929e7464b6684fe399dfcaaea787dcab28fa0879094b5eb4d92139260fecde4ffe430eca3986430f98a72fc523332c4e476bee9ea2226b1b3","ssdeep":"","tlshash":"1ee0cd91761d4f9d1ccc3257996092c576841524e401f06790374c6c0a9584225fb7fc","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:27:50.052952Z","times_seen":6103,"resource_available":true,"data":null}},"time_used":1678,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1398,"receive":280,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/kf.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:06.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/kf.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 01 Aug 2023 12:36:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64c8fc34-390c\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14604,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"17d11eb3ed0a873fb39a2ed6c2d1e8b4","sha1":"01fe18d7706386bd60e4e6355c6e91753761cbc3","sha256":"d925429d915f6ee24fc67c4e8a2b4cfaec127fdd72bacb2b0f06706b3499c9c9","sha512":"3337170a5dbef72a49e8844f73d37bf731672af5315c4241b649ffc8c1568bd2ea9a008317278845b3ae69e9068d61919b2bfc52754969d54ac9e9b6c69171bb","ssdeep":"384:xbhVPI1QVjKBMR8J3JfGEe84XJPGmna4WnN1iae7Zr:1hVPIWBKQ8n+QqEmnkNT0N","tlshash":"3a62e01cab00f62c490058aee1732722de2d1f5d804549a75e2b25f97f3b6be026b3f5","first_seen":"2025-03-05T02:11:03.931384Z","last_seen":"2026-04-22T18:27:50.062223Z","times_seen":366,"resource_available":false,"data":null}},"time_used":2397,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2397,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_dash","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_dash HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=dash"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:08 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":228,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"15d98f81e640d4edf9410398234b9867","sha1":"3c0a162cfd21be712c51894612632ca52f809f24","sha256":"361318ce081bf2c5fdb84952129cc86c6d4d9393e2ed6aea370dfacdd597a3a5","sha512":"976c3029e391788052f3c4b24c7b8cbb84b7f99bb2883f78464d1f12b104772ca0028e24162dce464b2153775bb05f9439b48ef2040e6d781721e23fb53e45c4","ssdeep":"","tlshash":"76d0a7907fb948250c73ebf1adea172f684d4487818492096bfd8f78117910e3b26c2a","first_seen":"2026-04-22T18:26:39.790396Z","last_seen":"2026-04-22T18:27:50.059802Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2535,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2535,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Home/static/css/base.css","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Home/static/css/base.css HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-64a5\"\r\nexpires: Thu, 23 Apr 2026 06:26:05 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25765,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (846)","md5":"8739b7f6cc1db5ea89afe0a14afacd7a","sha1":"f7dc32e9b67f5a0190cdb0d641f141294522fe46","sha256":"446377cfd8abce9140615cc2df1cfd3c2e8f908f179cbe1c7bc6209ef1bd2f3e","sha512":"8daa0f9ebd76dc9e94f4c5cf0acd3380b91abe7186648e41574d747c9cd0bfc2a6c28ba80c0e34ce2aba079782d9061d73bb37010cd77f7f59bc5879a19612a6","ssdeep":"384:BpFiOVTjRmNi2RoLy6IbRiWc2FDwFxYorvRnEkEZ58s8BXR8G8LrB888t7jL5ZBe:Y4cN39FDwFx9EZS9YzqtRB8TF3MDdu","tlshash":"12c295a7dfa30901b81bc5a41ff9ab55236c8017910bdebd7fc53648cf462d898a27c6","first_seen":"2023-06-09T02:38:16Z","last_seen":"2026-04-22T18:27:50.108332Z","times_seen":2231,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/coinimgs/.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/coinimgs/.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: text/html\r\ncontent-length: 504\r\netag: \"66541f8f-1f8\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":504,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"b7f6c24fcd751e5a437f9a3700aa7074","sha1":"7462bb1e33a7a761363945ff31ff3e2b3a58c04e","sha256":"d7ee9daf35876b1fd867a1bff334dd0a2bf441f47b2cb3b8c4b7e33723d58678","sha512":"0af608e297389b14ff920bdc9335b777dd8314abe14da03627c62cf672b4218c47f7a91de98bd4e59e0b978c1f9ec1cb6ba2758542e51b0044b7972a486b8cfb","ssdeep":"","tlshash":"54f09e8340e14429111041302e9060054f4b7d8bdb5b4d0138afb1bbefc6a84c5635cc","first_seen":"2024-12-24T17:17:56.68958Z","last_seen":"2026-04-22T18:27:50.022568Z","times_seen":73,"resource_available":false,"data":null}},"time_used":6822,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1400,"receive":5422,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Home/static/js/jquery.SuperSlide.2.1.1.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Home/static/js/jquery.SuperSlide.2.1.1.js HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-2c9e\"\r\nexpires: Thu, 23 Apr 2026 06:26:06 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11422,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10855), with CRLF line terminators","md5":"0b9bc63ab05e21e3830da5bbb4ccee67","sha1":"d162156bdaf14217d76d920e0e57b86d8feb1d97","sha256":"349e46b2c65028736d0bbff7b829c7fc6fbdebc1fb1e8b12365a0ca2e6e9e848","sha512":"bdfa220da1f08e29f05a9984c4999d7e742bea10ad86b7e497a0d112c7992cc52b7f1e9f5430b4286f14bb2336110f85cbdc3164a92121caaf5c91961f7e69c9","ssdeep":"192:j+K3bxH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2HE:jNcnqflKFgEWulE8REcS3j/CkR1Xh3","tlshash":"9532c65fb66635ca4597b3f1107f940d222b5965fc8a8ca0b17082c0adb9a1c243bfed","first_seen":"2023-04-05T11:06:31Z","last_seen":"2026-04-22T20:40:29.730152Z","times_seen":13308,"resource_available":true,"data":null}},"time_used":1399,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1399,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_eth","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:13.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eth HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eth"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:13 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":247,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"39fccf1e9d86ce86ddc222f72c3e80eb","sha1":"eca88aed791de7e5971fdd4049f4581371684cfd","sha256":"fe96bd22f6bad84f1964448bd24ca04cd0f7f1d8e7078473836a2c365f6f0fc7","sha512":"e42adfd50270302d54f0b7bf80dcc43391b011368c4c957f0a9d10c4566d1164a2c93fcce946aeb6ae3316cf58a74a1a9c1c9801f58baa4817293dd71fcce81e","ssdeep":"","tlshash":"5cd02ea8af3908180c22b3d1a2c40a2e248c10c5c8860309aafd8fab162820c3a12c22","first_seen":"2026-04-22T18:26:39.777552Z","last_seen":"2026-04-22T18:26:39.777552Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2529,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2529,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/bootstrap5Slide/flexslider.css","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.690Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/flexslider.css HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 27 Apr 2023 15:17:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a9222-1b1c\"\r\nexpires: Thu, 23 Apr 2026 06:26:05 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6940,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"df757c10d61db76d72f3a1aa5ba02880","sha1":"1101f3bdad4263e0bc51fc7ed5b2644e01c038f8","sha256":"77f76910108b7062309dd6bfa310123a867fca01b12eef62c37e5d2d0d0cc794","sha512":"1d663c8bbee93cb2f6dec538a478fee62b991269a6bb661a89351c5ab057a81453a67eb251d0ef94518d986d2aca30e0fefa6df9858d3004a383d33478e53d0c","ssdeep":"96:KnSjtVxOrS1MWfviQzOCpfkcFQ2YOdJS5r:PjvJ3NJFQxYJYr","tlshash":"d5e1d17c16f40704a827c16cae42db1ea7acc002961ed85de5e11638ceea389c973bdd","first_seen":"2023-04-08T00:25:48Z","last_seen":"2026-04-22T18:27:50.101626Z","times_seen":751,"resource_available":false,"data":null}},"time_used":567,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":567,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/DOGE.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/DOGE.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ab-838\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2104,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 61 x 60, 8-bit/color RGBA, non-interlaced","md5":"ff0c62c872d877837881793431cf064c","sha1":"8ee9cdfe43cfba24078529fa23984ab9e9d99a76","sha256":"c146f8822178b5581dd5eb80071e9824e1634252a4cd0d25b9675b0cb3da570e","sha512":"2416ae2389993012befe574c4ee91c47b6101f3e89b7582d25ce214e248e5305f327183c2a7222259b9aeae09ff7315edeae1ff11c8be3304ca11d5cefeb09ff","ssdeep":"","tlshash":"b0416e07f3ddbe79ccd66bb71348e024d01ff7e1b8010b98a42a4c565258c6f215c44b","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:27:50.076588Z","times_seen":5331,"resource_available":false,"data":null}},"time_used":880,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":880,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/09.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/09.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94b0-60a\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1546,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced","md5":"2361bcc4e0bd2c84f9aff90f02fe2ecb","sha1":"cf3f148d3573a8dc67153b9c927c20e384cb1d51","sha256":"229ea4eca7c7bacd3eeb632e310109aeadfe7f6fff1bd0359b7b134a0b68ba12","sha512":"b058d493f924c3a255a25ad629695f913699ddea5da8a4b8c848145db7c81be975c687f59c9420bd035c43857aa75ad9cf012e8d644b350dbe35c6d5852a6e91","ssdeep":"","tlshash":"9d31da9eeb68f93c4f870217d14efa455b7b0cf97a02523958991a8d2ad94404cdc369","first_seen":"2025-03-15T05:55:29.543505Z","last_seen":"2026-04-22T18:27:50.037288Z","times_seen":66,"resource_available":false,"data":null}},"time_used":871,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":871,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/ada.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/ada.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536462-13dc\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5084,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"3c630d48e25b4f76cb67e3f9b29a1840","sha1":"21ff7adeae4705a1b0ecb571f5fa98b5aa9da916","sha256":"ac43f42d0252a1d32196142ede6fd9a0b18f009f6bebd2255a2e493737d92058","sha512":"d7dd64616a88e4f53e4bea6b6a7e2fbbb3e6d2cc6a8f312244146f72e017c7465e0133c8ef73b14f714237cbb322b50f172d588ed7f617d16a35ab73ead6dcbf","ssdeep":"96:S4dRPCKnXlROlMKTVr34gY1vVutJSXc5he38/lBrc7Wx1U+uBCrba1:xn6aXDOlb2vVums5Ys/LruJCre1","tlshash":"a9a18e826c61b4d9b6428479134df5ac8d92c218ccd046dd7f87cd38ab101e8ca1e9ab","first_seen":"2023-05-27T03:32:48Z","last_seen":"2026-04-22T18:27:50.086741Z","times_seen":276,"resource_available":false,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":876,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.3.0/font/fonts/bootstrap-icons.woff?4601c71fb26c9277391ec80789bfde9c","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:06.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.3.0/font/fonts/bootstrap-icons.woff?4601c71fb26c9277391ec80789bfde9c HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.jsdelivr.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: font/woff\r\ncontent-length: 106812\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.3.0\r\nx-jsd-version-type: version\r\netag: W/\"1a13c-GxDOCA4lYqi36DlQRNPKg9wRKZk\"\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230120-FRA, cache-bma-essb1270030-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 2988276\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nSGsduse43zSLh5msy46%2FjMj%2FWasIL8PjaFbhsQ2bm8xjtBn81uSIhXY5xxEYSEL2xE3DjK%2FETu39RoqoxjI7KnNLGGs1b7clyUlDEFnPYnRWW1kLh2jiMg8FZOrktTKUzE%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9f06acc618475689-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":106812,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 106812, version 1.0","md5":"df7de9fe96a30f78c7f652f5b00ae016","sha1":"1b10ce080e2562a8b7e8395044d3ca83dc112999","sha256":"011ae1fe8e56c310d82ec3795cb8f86b9dea521dd0bc560a0ae0c2e87baedd4b","sha512":"d8cd580ed4119b0d31c9f3b7ea1b2002ccef31ba26cc6791114e5017e9ccffbfbf57b8611aafa52a8b3e76fc8f77b0d51d333dfcd5b293ddde61da3bbbbda47e","ssdeep":"1536:IEGBxy7wyLnYmvpdgacZtaiLBug50yslpdHfaKoGS3MUt7jCP/KgpL+HoEf7HhDt:0zy7pnYm/zcZta+UNoGS3gpL+Zwul","tlshash":"8fa302c0688d7e9ade37df31a226826373d3094a637c2d6f26997852c946e0f7637341","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:28:09.60369Z","times_seen":10291,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":6,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/BTC.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/BTC.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3aa-a83\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2691,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"2edf1ef8b333c40979976d1a49bc234c","sha1":"d75ac12795b4a9575c874e1b190712cd62a87afc","sha256":"50a1901684f223bf26594dd3415b1e50f184820a16daa810cc5452911e9117a9","sha512":"f697a1fa0786316fc01003f72621920932e2657e4acf5a471e35d02717c42c9db5a12df311895a776a563dcae9b8fc0b6721833529a054b9dbfff4c52fc564d3","ssdeep":"","tlshash":"2b515ee60252267980d32438616db1e178beabb2c3021ded6c1444954acc4b62555cfa","first_seen":"2023-05-01T18:49:36Z","last_seen":"2026-04-22T21:20:06.772271Z","times_seen":21103,"resource_available":false,"data":null}},"time_used":883,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":883,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/js/jquery.flexslider.js","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/js/jquery.flexslider.js HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 27 Apr 2023 15:40:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a9760-e028\"\r\nexpires: Thu, 23 Apr 2026 06:26:06 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (325)","md5":"242034cacf5d08f9a4f4df40208f830b","sha1":"56cffde8b9ca0b7e3161714b786651ac2b87a953","sha256":"487639627bd943c11e40764b968904c921e505bb73f0ae5d7367c8c8ff84a526","sha512":"fcbb4ccb030b5d9dbd4c96c44de7387ba9dd4963f14034ddb2a0ae77ef10e08167290d56565afceebd03e68a3d40d3bdceea903490e6bd0c509afa9ef034582c","ssdeep":"768:oILMsh61e6anxUS1cdeAzMuwskDkg9iPFi2PU1SFzuLdu:kynN8P1PU1SFzuLdu","tlshash":"3043ff1a61b2166589a372ae2f5fdc14eaf78343901dc969fddd030cdf4442806b6bf9","first_seen":"2023-03-07T17:01:43Z","last_seen":"2026-04-22T18:27:50.061424Z","times_seen":669,"resource_available":true,"data":null}},"time_used":1398,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1398,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_eth","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:22.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eth HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eth"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":247,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"39fccf1e9d86ce86ddc222f72c3e80eb","sha1":"eca88aed791de7e5971fdd4049f4581371684cfd","sha256":"fe96bd22f6bad84f1964448bd24ca04cd0f7f1d8e7078473836a2c365f6f0fc7","sha512":"e42adfd50270302d54f0b7bf80dcc43391b011368c4c957f0a9d10c4566d1164a2c93fcce946aeb6ae3316cf58a74a1a9c1c9801f58baa4817293dd71fcce81e","ssdeep":"","tlshash":"5cd02ea8af3908180c22b3d1a2c40a2e248c10c5c8860309aafd8fab162820c3a12c22","first_seen":"2026-04-22T18:26:39.777552Z","last_seen":"2026-04-22T18:26:39.777552Z","times_seen":1,"resource_available":false,"data":null}},"time_used":333,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":333,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/AAVE.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/AAVE.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3a9-1d26\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7462,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"1e4fb53364a553f65bd6ec3f3e023efb","sha1":"0b0709507914d48422e154e322ad67ad18bb4b76","sha256":"03579a2133847bd338e3e36c718ade13cb5beff8877c82e9792df2fed29e93a7","sha512":"531c3cb811e370eb0c3ee723087582ab226bfac6228ffbbe80deaa1b59f51579c9c6bb89a7f4c0a5c88034758cf457bc0a4320ba6ab0fdd560a64e21859b0f5a","ssdeep":"192:DJGYhMdsWTVDAtOW7NdIJ5kyKXgLnX/A1biUEEb17RXZsjX:DJGhieAAWZiienX/YbiUEG1xZsjX","tlshash":"ddf18effc1a105a3e60dacb08a74dbd8b6e1a425fa8c6652fdb6d3053d005335c75aa2","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-04-22T18:27:50.102796Z","times_seen":325,"resource_available":false,"data":null}},"time_used":878,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":878,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/BAL.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/BAL.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3aa-922\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2338,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"434f95cf398ff96a140cbd3cae92cac1","sha1":"14ec93193a85de4ae155b6ad0f2a3edef58cf9e5","sha256":"920c160bd3dbb09de22b942672c48a724c389143c6347f841d60e6b938f82923","sha512":"e90d9eca88e37b4d2f5f7291ee9b3184868b6c8cc22f8a31f5190fc4359c209b6203d3feb696540111e1d8e543942446d0f1750eb8e1c58f9945e6f0aa042f1f","ssdeep":"","tlshash":"a2419854d2b8e49add276bf7a4159f33956bd129f6c80a40f5a87a3c0903f449dc52d0","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-04-22T18:27:50.027432Z","times_seen":320,"resource_available":false,"data":null}},"time_used":878,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":878,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/xmr.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/xmr.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536462-a8f\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2703,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"dd806331c821d34fd7e91bfc6897211c","sha1":"24b3825bf3a8f8b5e604bf6b444d7c2d97aded69","sha256":"b24a76bd9854df525b90521299de92ac4afd44f57d801e4aae184f9bca41b3dc","sha512":"57357fbe03f5e9d7d4235beca8a5e6b052f9f941797b3d094e55646d18d26fa48973067f69164c307dd7a4fbf399ccb0bb533984f59074217da0b2da0d44475b","ssdeep":"","tlshash":"91513c320899d51cd650d53d30cb94e2ad311c7e5b88b999d6d9d1b1096a4f5543dd20","first_seen":"2024-10-23T13:33:33.483221Z","last_seen":"2026-04-22T18:27:50.046752Z","times_seen":215,"resource_available":false,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":876,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/UNI.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/UNI.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ad-d98\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3480,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"05022933cd2233fd9dff586e2ff3c836","sha1":"492755f70f4072ea7e31ee85d8a72ce31b3c0334","sha256":"39d66dcc92b0d7921d64b7ad8786a5633e9d590969fa36ec338b6cc2e42ff3d6","sha512":"f7ecf237309e5dea124de18e1178066226a3d768425e3cb425dde756c7d0899e42f4453c47a0652fad10e527867e035bec8c8abc3d4c700dfb1d8f5488fb3807","ssdeep":"","tlshash":"2c716af6a80330f2eee62923c0089102800fb59269c308604f04fe6bd41adebe7d5ac2","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-04-22T18:27:50.0418Z","times_seen":334,"resource_available":false,"data":null}},"time_used":881,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":881,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/1INCH.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/1INCH.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3a8-2970\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10608,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"15d97161b65ddac5d4abad667dcddff6","sha1":"cc213aa8e905bee08ba0cb391d9ac525111270b9","sha256":"5c15c5889ca614021ec4458b6fa8180585a9d648161788206ab69a1173ddb780","sha512":"0a0d2b8f8262476940647be1d45891434d1f3ed1169161e2f5d6eb333f8168e89beb7719c846c4efb495a628a9f4fae810183b4ce663adddbcf6aa1e14b71d37","ssdeep":"192:5fSoETndenJtcoAPbMYjSVrz5pnYSPQcOGslchh4hplrk5M:hSHTCmu5yJfjBplAM","tlshash":"0a22bf4abc657815814f24db81a6cd1d86ff8dc17926c12d248ed22803daca7f8ba683","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-04-22T18:27:50.082894Z","times_seen":310,"resource_available":false,"data":null}},"time_used":881,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":881,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_btc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:17.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:17 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":245,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6ee9178b9c1f7827ea9c2b8f0e5ba5a5","sha1":"e1136e85a5f357429674344df62e6f02060ffe1b","sha256":"15a0672c1cf7edf09aa53f4b87d09e05a52e1398217bfebe65363731d23d00f2","sha512":"7c7a90d6cefe427505c6fc930807db02280be7436b49a81f526b9394aa0aade4c86a6a73bbb5d5b55a58501057176672149f25b08b8e2891edd9bdf378cbaec0","ssdeep":"","tlshash":"45d05eb02b3589351c73e7d1a4e92b6e184e05d3808602596afe8e6816a820c2113922","first_seen":"2026-04-22T18:26:39.687525Z","last_seen":"2026-04-22T18:26:39.687525Z","times_seen":1,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":347,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_eos","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:17.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eos HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eos"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:17 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"68ac40a84898f40747d958e0c0941c75","sha1":"a033ad6d2dddc4dcbabdf38740c1a8cd192dcf0d","sha256":"232ef71afd2e2d3a4a886bd164ac9ae400955e7f71505d3570e31635b2ecc00e","sha512":"0707d815ab13b1d6804fdee766d93c98b78e2ceddafbecda34f34372d1d689ada7e8777adf7264eb03a393dafa59e80ce9810cb74592580f0be1ac8ef4f453c2","ssdeep":"","tlshash":"ec70000002afa8a3028200288c0f000000ac28882ca080008c2822288a200028a00020","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-04-22T18:28:09.598884Z","times_seen":310,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":361,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/bootstrap5Slide/bootstrap.min.css","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/bootstrap.min.css HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-2f0fa\"\r\nexpires: Thu, 23 Apr 2026 06:26:05 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":192762,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65184)","md5":"cb46b85888b78de64c1f51bc7797aacb","sha1":"e57147e69810b9ee63af657969ddfd6c456957e3","sha256":"652650f2c09a63e822932e07d79583c64a996e44ff680e2a9183c2a7c5b2531e","sha512":"cdf48d3e0b60cd162995316ce921e3285248d481378251f13403c39302baba3efe6332a537cccf255e2261b8c39d719ab1a9efd83e97111ed321e11dd0eefdb1","ssdeep":"1536:rQGFA+QbGwz48MIEtQ12c2Jsj+aeHYAVmJz600I40Yw:rQGqAVmJz600I40Yw","tlshash":"311492a7f581201ee493c10995d2bffe057f9586d3021baaf42737b44b452eb8a63e4c","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-04-22T18:27:50.066152Z","times_seen":3243,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/usdc.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/usdc.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536462-8c6\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2246,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"34a0a93a76960505d00647f82a235bbd","sha1":"b8889c12217678bb8de7b60ba732bb00ef7eaf33","sha256":"98c9a5f555cda2c13172162655b6d2f9903fa6ba00a86b694dd628d45c5a5780","sha512":"5187eea1e6a1265fef0d70c4c1f03f63f3adcfcab98640be5d6d94ff9d83856049ecb0426d6c313126d9d9e7c9a35eac8c8f1347412e75d0af896ea6bcbd49a6","ssdeep":"","tlshash":"b5412c03b1f04d9ad29b1f3db919085ff02e09ea1949c87f45e7790ebd6aae1c345711","first_seen":"2024-10-23T13:33:33.452912Z","last_seen":"2026-04-22T18:27:50.083547Z","times_seen":286,"resource_available":false,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":876,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/dot.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/dot.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536463-11a0\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4512,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"9b80e332192b4501a7b2ea68cf81877d","sha1":"bd8c43b0e1efb07078383c223e36b044a84b9d68","sha256":"94c64a23926f16b8764163bb4bf4298ba5c81adbce05805874771b4935d7dda0","sha512":"618fd24497594ef2e20d482f9db8611bf4b5b7d79f48d9a4ac234a9f6b74a93bc284f45a4461fd6b403317d04f04361b6a3dcbc9cb729f5f0003d08f433eb9bc","ssdeep":"96:jeqJYPZyhFnZLOSpJ1ccOm358VK3Fs8SMBKWTvI+FYHEuRB:jUsZlpJ2lA5HBlvI+CLB","tlshash":"69915c2fa5084527feabcf354e30b1086710ac52d9446e1db93aea7fb05e46b2cd3004","first_seen":"2024-10-23T13:33:33.425393Z","last_seen":"2026-04-22T18:27:50.073102Z","times_seen":248,"resource_available":false,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":876,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/favicon.ico","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:15.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:16 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 16958\r\nlast-modified: Tue, 19 Aug 2025 07:16:29 GMT\r\netag: \"68a424cd-423e\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16958,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"89d8e39eda078521f04fdde4aaf1aaac","sha1":"1bce02b1a72840af48c42971bc67a61c8a88ce32","sha256":"74fca3da26e603855649dad4214c8f51da250e0f295194348ddfadae54f918b0","sha512":"40aa29c8a2e2325a8d5f553ad9df1d073dc8fd6376ebe9cd1c71244bfaa79a943b4a79281043deaf27b74201ad53ea6d868d7e2009f32f71119b26ed07a72b5c","ssdeep":"48:Gs5LJ6BrdfQw6YdqkIc70Y1SAVdn2LXwJqEPa2kdts:GsBJ6BFQwvse51iLXwJqEPa2kdts","tlshash":"eb7268c3bac070bbc72d0735e1d2df369e2d0ea86d5c866200c79d57bc46c9d5c59405","first_seen":"2025-08-19T12:54:30.927312Z","last_seen":"2026-04-22T18:27:50.08806Z","times_seen":10,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":287,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_eth","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:19.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eth HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eth"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:19 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":247,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"39fccf1e9d86ce86ddc222f72c3e80eb","sha1":"eca88aed791de7e5971fdd4049f4581371684cfd","sha256":"fe96bd22f6bad84f1964448bd24ca04cd0f7f1d8e7078473836a2c365f6f0fc7","sha512":"e42adfd50270302d54f0b7bf80dcc43391b011368c4c957f0a9d10c4566d1164a2c93fcce946aeb6ae3316cf58a74a1a9c1c9801f58baa4817293dd71fcce81e","ssdeep":"","tlshash":"5cd02ea8af3908180c22b3d1a2c40a2e248c10c5c8860309aafd8fab162820c3a12c22","first_seen":"2026-04-22T18:26:39.777552Z","last_seen":"2026-04-22T18:26:39.777552Z","times_seen":1,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":335,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/08.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/08.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:47 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94af-665\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1637,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 88 x 88, 8-bit/color RGBA, non-interlaced","md5":"ad3e6d20dd722c9eaf3cd4cc0bd3583f","sha1":"6aa85a1de7497e038de7aaec06e60ef2c83a434c","sha256":"cab305eca6f6aa45c6cfd463068ef215fe94fd338f69e8746632d3e61dd47f60","sha512":"f98110aa5e2513cb81f5732fa82b6c3326485ac7d47e3d2f9a38599b92d6733fcf9f42ffbb196115b53df211edd59bc1468d1b29b5ec7fefe6e19e1cb5802dd7","ssdeep":"","tlshash":"e8310a823235e4bdd40e1bb92b0e3270924a5a6c20c7c0fc1b1b2da141a66159869fd1","first_seen":"2025-03-15T05:55:29.519201Z","last_seen":"2026-04-22T18:27:50.042899Z","times_seen":66,"resource_available":false,"data":null}},"time_used":871,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":871,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_bch","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_bch HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=bch"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":234,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"04533e9fa91402eb0fbb9554a9fd83c3","sha1":"39ac5a520ba0ff696d2d85763568b52819059bc9","sha256":"c6a69abbf94321670fe4466b2c79745211003c5a66fcfc3e68f6e2241085079f","sha512":"09f8ada64fff42c1f29945f1dacea1696c80c2f73347ea37b38d6ca9805744c3d91aee6631a5291ebaebb9fdd10df374400d536496ab451a344a5b468b9eec89","ssdeep":"","tlshash":"09d0a7d02e3d48a50e33a3c1b8e93f6d68cf408596c64608aafdcf64189c31c3b13c22","first_seen":"2026-04-22T18:26:39.742555Z","last_seen":"2026-04-22T18:26:39.742555Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2564,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2564,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_ltc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_ltc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=ltc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":234,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a9f56a89656481c98556476285024e2e","sha1":"3024d480dd4e8c55b56174870270fd21f67208bf","sha256":"b436f1118d857a49e41f078aa19e49a0cc796010513808ef1b71cd2bf26f4233","sha512":"6ae2ad52510824405883304167c7ca770309678cc8a29f24c2f2e52a6a5bf092472c47acfe6b57e0df5a02c3c04d138c49ff10e9a98afb3d41952b08acba7d57","ssdeep":"","tlshash":"e6d0a7a07f3815350c31b7d19ae6271e5c4d8947e48c034957bfcf68106d50e3e26c26","first_seen":"2026-04-22T18:26:39.768349Z","last_seen":"2026-04-22T18:26:39.768349Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2557,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2557,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_usdc","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_usdc HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=usdc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":242,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"bea631145daa1349f60b1657269b147b","sha1":"807b202fd532d4205a7d58aa36580b74c0a9c473","sha256":"37a59034a392812c851e2dcfea8e310fbbddc5c75ed985015b08fe9cd6b3c2a3","sha512":"90386336a7c242f58385edd87cb2f52750e1cd4fd43896a84c737321ad983325a5df481903aea97fb93ed6306430ba2548e391afaa60f62a7c4ba75df8cb3c7b","ssdeep":"","tlshash":"41d05ed03a3889252c21a3d768d526feb84d08958484430ad6fe8e6814a861c3665c33","first_seen":"2026-04-22T18:26:39.80708Z","last_seen":"2026-04-22T18:26:39.80708Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2528,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2528,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_fil","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:22.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_fil HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=fil"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":240,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6433aff1d2de71d326e54f44b92275b8","sha1":"1673caa883d80eaa2946acccd3ffba89a5cbc9c0","sha256":"43ca38e66ac9b2f23ef2c9a46b22cb392d4b5712fef6ef1ba3d1a4516c02f169","sha512":"778a8052d3c551ca8ac34be80d7ddee63b695dfe5489ac63f9d0ef173ca0d92762f57e37b93a1dce5f59626dd36c21cddfc5268db4076e5de616a399c7ceabb9","ssdeep":"","tlshash":"9ad0a7e03b7c49211da2a7e278d5672d68df094991805609a6fecd7900f951e3526922","first_seen":"2026-04-22T18:26:39.736244Z","last_seen":"2026-04-22T18:26:39.736244Z","times_seen":1,"resource_available":false,"data":null}},"time_used":365,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":365,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@4.5.0/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap@4.5.0/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 18:26:05 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 24869\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 4.5.0\r\nx-jsd-version-type: version\r\netag: W/\"27293-TxSgmmBsmaEfj9oVVk72b3BAKCY\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220176-FRA, cache-bma-essb1270026-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 5941779\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R3BQxFpocdTaI%2Fe5mlnMAG3JzTHUYBqfGz9JnzxE1h5XdHJxyzkK0TqAoYaDSA5q5hGyj26rewjagZ2AQeL5dOiz3nVqM0nEwZ9Rr6VKBh2sEhpKncYuRLDv07Ken7nPHuU%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9f06acc16a3f5689-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":160403,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65324)","md5":"3afe15e976734d9daac26310110c4594","sha1":"4f14a09a606c99a11f8fda15564ef66f70402826","sha256":"680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c","sha512":"aced925c428148809afc07f28442b966a58508ea24d6b7203d87c63aab57df93b28ab68183a5dae0d9c12705e0a484685de5a370099c42788c869db686d0dcea","ssdeep":"1536:2THqIJOT7SyEIA1pDEBi8yNcuSEeA1/uypq3SYiLENM6HN26H:YH9vGGq3SYiLENM6HN26H","tlshash":"03f353a6f5a0312de4a7c61964d0bafd152f8245d7224bfbf8273b6447892c70a73e4c","first_seen":"2023-04-05T04:00:44Z","last_seen":"2026-04-22T20:22:41.751523Z","times_seen":22669,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":6,"receive":1,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/new/4.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/new/4.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42496-216b4\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":136884,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"46ef3425ec53f6643ec9b85fbebd74f4","sha1":"a55514d9c1c9a47d079881ba132b38cc0505351a","sha256":"ffa5550e8494706611447bc613e27d390b5ee209a593b0dbc8e897ff5b387c70","sha512":"4f43839415c93257a8c98e15e82964d5e524bfaf91f62f28ab67ff832054e0cc6cbcafaf25f42d4b5155ac27c1712524e7b23241bc1900ccec0d030750a88cf9","ssdeep":"3072:dT1ZHDhXAoJZs9QxmeJ0Y0v0Qk2+h1h1PnBj+WuqW7:dTvtXAMWQxmdPQvP1PB7uqC","tlshash":"98d3123094a0ae7cee4f445b0da1f37ee370c043569429382e1da5a41bed45fb926f67","first_seen":"2025-08-19T12:54:30.882636Z","last_seen":"2026-04-22T18:27:50.020795Z","times_seen":5,"resource_available":false,"data":null}},"time_used":885,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":885,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_xrp","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_xrp HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=xrp"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":245,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3b6e65c76c37803729b711a85530ad99","sha1":"5f6c8912beca6fb749e778c37a46231deb68b754","sha256":"33b1c839f0e4225359101c9222ffb1292f11b7ab26b0e537769ec3a3c87b10a8","sha512":"a06ee5afcb60581ed0662c8027490717aa509ad13d2ee396c3689453e31abd0ab8653581aa2d9d8e0a29337740df7131124cebd9eca153a5bb42fbb1c925a946","ssdeep":"","tlshash":"fad097823f3d01241c23b3c2acd6236e380c8042c0d1030b2afe8e3c20ec20cb222c32","first_seen":"2026-04-22T18:26:39.718429Z","last_seen":"2026-04-22T18:27:50.03364Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/Static/img/margin_background.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:06.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/Static/img/margin_background.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:29:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94be-39398\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":234392,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2790 x 1144, 8-bit/color RGBA, non-interlaced","md5":"a65fa4327bd43d084905328e9a3e248a","sha1":"8d77ae6fc8c5fe40072d022ee7d6f4bc071afd0b","sha256":"e48087bc91d8faaade1a708aadc0759e6df3d9eadfcf14f28a1e5d25707342d9","sha512":"b3f299aae231ae8603b98af79a68805b2c2f1689ef95bd2d29c6844cffccc1efc4bcbd4304fd4e2fe58d097df77a91574ed948f07140f2fd6e19c762ee670b41","ssdeep":"6144:FtYMt5Si3X3IN6pg45n8A8cJUzl2BOQ4Hg57968zCHBsFU5x:FB3Hjuw8VC8mOQ4HW68TEx","tlshash":"34341266b1cd8c56d4bd48f150e9874d3ca63a9e06ad8e213ab1c684577fe2c6cb83c1","first_seen":"2025-03-15T05:55:29.56516Z","last_seen":"2026-04-22T18:27:50.077763Z","times_seen":70,"resource_available":false,"data":null}},"time_used":2390,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2390,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_uma","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:07.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_uma HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=uma"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":241,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"54e97efc0b5db32fa3651464cca813a6","sha1":"79e104a8eb2df19156cdf45c9222300871f4c6c1","sha256":"d236f80ac1268790b39bb25409123a4469731aa6847f6e2afb34986d4cf873f7","sha512":"619d1621d1b84a28c7088cd74ca13083e989e300675cefbf7f65442e9c9f29ec2affeea967c53c664816d6a19499d96205787dc9aaaee1f7f96ee75090da7e38","ssdeep":"","tlshash":"9bd05ea92b39440509a1abd2f8fa1aea544c8485808593467fadca2526a810e7015c56","first_seen":"2026-04-22T18:26:39.813122Z","last_seen":"2026-04-22T18:26:39.813122Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2542,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2542,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Ajaxtradenew/obtain_eth","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:16.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eth HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcexx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eth"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:16 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":247,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"39fccf1e9d86ce86ddc222f72c3e80eb","sha1":"eca88aed791de7e5971fdd4049f4581371684cfd","sha256":"fe96bd22f6bad84f1964448bd24ca04cd0f7f1d8e7078473836a2c365f6f0fc7","sha512":"e42adfd50270302d54f0b7bf80dcc43391b011368c4c957f0a9d10c4566d1164a2c93fcce946aeb6ae3316cf58a74a1a9c1c9801f58baa4817293dd71fcce81e","ssdeep":"","tlshash":"5cd02ea8af3908180c22b3d1a2c40a2e248c10c5c8860309aafd8fab162820c3a12c22","first_seen":"2026-04-22T18:26:39.777552Z","last_seen":"2026-04-22T18:26:39.777552Z","times_seen":1,"resource_available":false,"data":null}},"time_used":334,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":334,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/Public/new/2.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /Public/new/2.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42496-202c2\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":131778,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"49a5713fd8d293a6e3bbdceb47761e45","sha1":"635358162098d8aac73ed39d3e84535874adcf45","sha256":"01c75289d4901e1e8a4b50fe4d0e4ac10de1c14633782bf639fd4bee6902c575","sha512":"0a9552dfbd749ad24334b2342d23e7c06a892aa60c721574786610e9e4c92ff50d267019d5b549a616c9e631d4a2f3fdcce744657dda3d309b208529960a014c","ssdeep":"3072:+jyIJRJiTfUg/DHyywuYHowX3ax19U0GlzZXW+lD9:+j9RJsUg/LfQTH+jLGlzZm+z","tlshash":"33d312d2c2f3b46a291d29627cedcf6dd2a1e50976bf0198c05097ce5a328da5df0b4c","first_seen":"2025-08-19T12:54:30.91726Z","last_seen":"2026-04-22T18:27:50.045438Z","times_seen":6,"resource_available":false,"data":null}},"time_used":887,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":887,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcexx.com/xm/trx.png","fqdn":"gcexx.com","domain":"gcexx.com","tld":"com"},"ip":{"addr":"27.124.43.40","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcexx.com/","date":"2026-04-22T18:26:05.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gxecgcx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 08:39:57 GMT","end":"Wed, 24 Jun 2026 08:39:56 GMT"},"fingerprint":{"sha1":"0F:51:03:4F:21:D2:D2:28:DA:46:D2:7A:48:D6:4D:FE:43:16:E3:97","sha256":"A2:A9:3C:37:63:D3:5F:7B:CE:C6:06:87:10:80:C1:BF:58:09:94:2F:19:3A:CD:D9:D7:E6:4C:2F:29:0F:A0:72"}}},"request":{"raw":"GET /xm/trx.png HTTP/1.1\r\nHost: gcexx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcexx.com/\r\nCookie: PHPSESSID=du46880hhqntgi8ghdbi7eegs7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 22 Apr 2026 18:26:06 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536463-1735\"\r\nexpires: Fri, 22 May 2026 18:26:06 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5941,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"273ef6386ba9fa5f898cb287fc158b2a","sha1":"ca3836d219eec81150b468190f6464294f577acc","sha256":"7f169dcdd6e34e9107624b12b34d930f3c9e6dac99af40e5658d917070d23add","sha512":"199f641aef0c7476c655acfc42d23357898219c844424c611f92bc6591de05a74f8810955d0290440d18d729d4b8fc91e851fdcfb62e03dd09cf5e8fdced53ce","ssdeep":"96:evTBOSuvec7k5dzzcNMMDHrQ02VMpyD/qSjiq15njHDKOfALKHRqzH0DzgG8qzu5:0TB8odMTrzpybVjiq11jHW3QRqwDzpbC","tlshash":"ecc1bf3aa1d11b7b0acee31b430c8804d20ef253d225cd59c8af9065bed17e7406f813","first_seen":"2024-10-23T13:33:33.42136Z","last_seen":"2026-04-22T18:27:50.103827Z","times_seen":277,"resource_available":false,"data":null}},"time_used":876,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":876,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"gcexx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}